[gdal-dev] Memory corruption in PNG driver with Microsoft DebugDLLs?

Shaw, Jonathan-P29740 Jonathan.Shaw at gdc4s.com
Wed Mar 31 19:20:57 EDT 2010 

Upon further browsing of the open tickets, I'm wondering if I'm
experiencing the crashes, heap corruption, etc. described by
http://trac.osgeo.org/gdal/ticket/3346.

I've also been having issues with closing VRT datasets in some
circumstances where I've chained them, and warping some MrSID sources
where it succeeds at certain output sizes and not others (for
instance)... Now I'm starting to think these may also be related to
issue #3346.

I'll start doing more testing with my app built in release mode instead
of debug. Any other advice?

Thanks,
Jonathan


-----Original Message-----
From: gdal-dev-bounces at lists.osgeo.org
[mailto:gdal-dev-bounces at lists.osgeo.org] On Behalf Of Shaw,
Jonathan-P29740
Sent: Wednesday, March 31, 2010 3:08 PM
To: gdal-dev at lists.osgeo.org
Subject: [gdal-dev] Memory corruption in PNG driver with Microsoft
DebugDLLs?

The code below may cause a memory access violation in GDALClose() if the
source dataset is in PNG format. The PNG driver appears to be corrupting
memory by unintentionally writing into parts of GDALPamDataset (its base
class), and perhaps into other areas, too?

This is evidenced if you open a PNG dataset and then view the value of
its GetPamFlags() integer. Whether or not GDALClose() crashes, the PAM
flag is way out of range. Commenting out the NOSAVE bit setting will
apparently clear the issue crash issue, but not the PAM object
corruption. For me, the corruption is only evident if the Microsoft
Debug DLLs are used (Multi-threaded Debug DLL /MDd, or Multi-threaded
Debug /MTd).

I used FWTools 2.4.7 (GDAL 1.7.0b2) on a Windows XP 64-bit system. I
built the test app below using Visual Studio 2008 SP1 (9.0.30729.1 SP).

I tried to create a ticket in trac.osgeo.org/gdal, but it says I do not
have create ticket permission.

Thanks,
Jonathan



#include <iostream>
#include <gdal.h>
#include <gdal_priv.h> // for GDALDataset
#include <gdal_pam.h> // for GDALPamDataset

int main(int argc, char **argv)
{
    GDALAllRegister();
    GDALDataset *ds = (GDALDataset *)GDALOpen(
        "S:\\Maps\\aux_test.png", GA_ReadOnly);

    GDALPamDataset *pamDs = dynamic_cast<GDALPamDataset *>(ds);
    if (pamDs != NULL)
    {
        // with Debug DLLs, this prints number like 18666064,
        // while with release DLLs, this outputs 0.
        std::cout << "Initial flags: "
            << pamDs->GetPamFlags() << std::endl;

        int pamFlags = pamDs->GetPamFlags();
        pamFlags |= GPF_NOSAVE;

        // changing flag further corrupts PNG dataset?
        pamDs->SetPamFlags(pamFlags);
    }

    GDALClose(ds); // access violation with MSFT Debug DLLs

    GDALDestroyDriverManager();
}

_______________________________________________
gdal-dev mailing list
gdal-dev at lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/gdal-dev

More information about the gdal-dev mailing list