[gdal-dev] NITF invalid read of 2 bytes causes crash

Even Rouault even.rouault at mines-paris.org
Tue Apr 27 16:35:43 EDT 2010


Issue confirmed and ticket filed as http://trac.osgeo.org/gdal/ticket/3551

On Tuesday 27 April 2010 19:01:56 Smart, Gary wrote:
> I have attached a colour NITF image which causes an invalid read within
> NITFReadImageLine (nitfimage.c:1661).  This invalid read was detected by
> valgrind which I have been using to investigate a crash in my
> application - which happens to segfault exactly on this line.  More
> often than not, I can read and display this colour image.  Sometimes
> though - it crashes my application.  However, even when correctly
> displayed, valgrind still reports the invalid read.
>
> I have looked at the logic in the function NITFReadImageLine and it
> seems to be flawed in that it mallocs an area which seems to be a
> function of the number of requested columns, but then copies imagery
> into the buffer using a for-loop based on the block size.  Moreover, the
> nLineSize computed for the malloc was not big enough for the requested
> area anyway.
>
> The problem is only really evident in colour images for which reads are
> requested that are smaller than the blocksize in the file.
>
> Whilst I cannot be certain that my replacement logic will suffice for
> all NITF configs, I certainly think the memory management in this
> function AND the corresponding NITFWriteImageLine should be reviewed?
> My changes certainly get rid of my read-errors and crashes (find #####
> in the attached code snippet).
>
> Opinions anyone?
>
> Gary
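The sizing mismatch Gary describes (buffer sized from the requested column count, copy loop bounded by the block width) is illustrated below with added example code; this is not GDAL's nitfimage.c, and the LineGeometry struct, the pixel-interleaved layout and the function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical geometry of one block row (an assumption, not GDAL's struct). */
typedef struct {
    int nBlockWidth;     /* pixels per block row as stored in the file */
    int nBands;          /* samples per pixel, e.g. 3 for a colour image */
    int nBytesPerSample; /* 1 for 8-bit, 2 for 16-bit samples */
} LineGeometry;

/* Sizing as the report describes the flawed logic: derived from the number
 * of columns the caller asked for, although the copy loop covers the block. */
size_t line_size_from_request(const LineGeometry *g, int nRequestedCols) {
    return (size_t)nRequestedCols * g->nBands * g->nBytesPerSample;
}

/* Corrected sizing: the loop bound is the block width, so the buffer must
 * hold a full block row even when fewer columns are requested. */
size_t line_size_from_block(const LineGeometry *g) {
    return (size_t)g->nBlockWidth * g->nBands * g->nBytesPerSample;
}

/* De-interleave one pixel-interleaved block row into band-sequential order.
 * Returns 0 on success, -1 if either buffer is smaller than the loop needs. */
int unpack_block_row(const LineGeometry *g, const uint8_t *src, size_t srcLen,
                     uint8_t *dst, size_t dstLen) {
    size_t need = line_size_from_block(g);
    if (srcLen < need || dstLen < need)
        return -1; /* refuse instead of touching memory past the allocation */
    size_t bandStride = (size_t)g->nBlockWidth * g->nBytesPerSample;
    for (int x = 0; x < g->nBlockWidth; x++)
        for (int b = 0; b < g->nBands; b++)
            memcpy(dst + b * bandStride + (size_t)x * g->nBytesPerSample,
                   src + ((size_t)x * g->nBands + b) * g->nBytesPerSample,
                   (size_t)g->nBytesPerSample);
    return 0;
}

/* Constructed check: a 4-pixel, 3-band, 8-bit row with only 2 columns
 * requested. Returns 1 if the undersized buffer is refused and the
 * block-sized one is unpacked band by band, 0 otherwise. */
int constructed_row_check(void) {
    LineGeometry g = {4, 3, 1};
    uint8_t src[12], small[6], dst[12]; /* small == line_size_from_request(2) */
    for (int i = 0; i < 12; i++) src[i] = (uint8_t)(10 + i);
    if (unpack_block_row(&g, src, sizeof src, small, sizeof small) != -1) return 0;
    if (unpack_block_row(&g, src, sizeof src, dst, sizeof dst) != 0) return 0;
    /* band 1 of pixel 2 is src[2*3+1] == 17 and must land at dst[1*4+2] */
    return dst[4 * 1 + 2] == 17 && dst[0] == 10 && dst[11] == 21;
}
```

Running the same copy loop against a buffer of line_size_from_request() bytes is exactly the out-of-bounds access valgrind reports; sizing from the loop bound, and checking both buffer lengths before the loop, removes it.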
