[fdo-trac] #814: Fix buffer overflow in FDO PostGis provider
FDO
trac_fdo at osgeo.org
Thu Feb 9 21:31:22 EST 2012
#814: Fix buffer overflow in FDO PostGis provider
--------------------------------+-------------------------------------------
 Reporter:     samwang          |  Owner:      Sam Wang
 Type:         defect           |  Status:     new
 Priority:     major            |  Milestone:  3.7.0
 Component:    PostGIS Provider |  Version:    3.7.0
 Severity:     2                |  Keywords:   buffer overflow
 External_id:                   |
--------------------------------+-------------------------------------------
There is a buffer overflow in the FDO PostGis provider,
in Providers\GenericRdbms\Src\PostGis\Driver\fetch.c line 143:

    strncpy(buffer, fvalue, fvalue_length);
    buffer[fvalue_length] = '\0';

There are chances when the fvalue_length is larger than the actual buffer
length, since for Unicode characters they are encoded in UTF-8 which means
a character can be encoded in more than one byte and up to four bytes. But
the buffer size allocated is just the logical length of the property
defined (the number of Unicode character numbers) in bytes. Thus a buffer
overflow may happen.
This ticket addresses this problem.
The fix is attached.
--
Ticket URL: <http://trac.osgeo.org/fdo/ticket/814>
FDO <http://fdo.osgeo.org/>
Feature Data Objects
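
The mismatch described in the ticket, between a buffer sized by character count and a UTF-8 value measured in bytes, shown as an added example. This is not the fix attached to the ticket and not FDO code; utf8_buffer_size, copy_utf8_bounded and the sample value are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Constructed sample: 4 characters, 12 bytes in UTF-8 (3 bytes each). */
static const char sample_value[] =
    "\xE6\x97\xA5\xE6\x9C\xAC\xE8\xAA\x9E\xE3\x81\xAE";

/* Worst-case bytes for n_chars UTF-8 characters plus the terminator. */
size_t utf8_buffer_size(size_t n_chars)
{
    return n_chars * 4 + 1;
}

/* Hypothetical helper: copy src_len bytes into dst (capacity dst_size,
 * terminator included). An oversized value is cut at a character
 * boundary instead of overrunning dst. Returns the bytes copied. */
size_t copy_utf8_bounded(char *dst, size_t dst_size,
                         const char *src, size_t src_len, int *truncated)
{
    size_t n = src_len;
    *truncated = 0;
    if (dst_size == 0)
        return 0;
    if (n > dst_size - 1) {
        n = dst_size - 1;
        /* Step back over continuation bytes (10xxxxxx) so a
         * multi-byte sequence is never split. */
        while (n > 0 && ((unsigned char)src[n] & 0xC0) == 0x80)
            n--;
        *truncated = 1;
    }
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

int main(void)
{
    char small[4 + 1];   /* sized by character count: too small */
    char big[17];        /* utf8_buffer_size(4) */
    int cut;
    size_t n = copy_utf8_bounded(small, sizeof small, sample_value,
                                 strlen(sample_value), &cut);
    printf("small: %zu bytes, truncated=%d\n", n, cut);
    n = copy_utf8_bounded(big, sizeof big, sample_value,
                          strlen(sample_value), &cut);
    printf("big: %zu bytes, truncated=%d\n", n, cut);
    return 0;
}
```

With the unchecked strncpy from the ticket, the 12-byte value would be written past the end of the 5-byte buffer; here the copy stops at 3 bytes and reports truncation.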