[fdo-trac] #68: Array bounds checking in FdoSpatialUtility::GetExtents
FDO
trac_fdo at osgeo.org
Wed May 2 13:50:20 EDT 2007
#68: Array bounds checking in FdoSpatialUtility::GetExtents
---------------------------+------------------------------------------------
Reporter: gavincramer | Owner: gregboone
Type: defect | Status: new
Priority: major | Milestone: 3.3.0
Component: FDO API | Version: 3.3.0
Severity: 3 | Keywords:
External_id: |
---------------------------+------------------------------------------------
FdoSpatialUtility::GetExtents does not check for array bounds, and thus it
is easy to pass it data that causes a crash, or that returns garbage
results. E.g.:
double minX=0.0, minY=0.0, maxX=0.0, maxY=0.0, minZ=0.0, maxZ=0.0;
GisByte bytes [] = { 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 50 };
GisPtr<GisByteArray> ba = GisByteArray::Create(bytes, sizeof(bytes));
GisSpatialUtility::GetExtents(ba, minX, minY, maxX, maxY);
... will crash, because it indicates the presence of a large array of
positions.
This can happen inadvertently (say, internal defect or incomplete data
retrieval) or due to malicious content creation.
--
Ticket URL: <http://trac.osgeo.org/fdo/ticket/68>
FDO <http://fdo.osgeo.org/>
Feature Data Objects
More information about the fdo-trac
mailing list