[GRASS-SVN] r63933 - grass/branches/releasebranch_7_0/lib/vector/Vlib
svn_grass at osgeo.org
svn_grass at osgeo.org
Fri Jan 2 04:03:04 PST 2015
Author: martinl
Date: 2015-01-02 04:03:04 -0800 (Fri, 02 Jan 2015)
New Revision: 63933
Modified:
grass/branches/releasebranch_7_0/lib/vector/Vlib/read_pg.c
Log:
vlib: fix ** CID 1248541: Untrusted loop bound (TAINTED_SCALAR)
(merge r62308 from trunk)
Modified: grass/branches/releasebranch_7_0/lib/vector/Vlib/read_pg.c
===================================================================
--- grass/branches/releasebranch_7_0/lib/vector/Vlib/read_pg.c 2015-01-02 11:53:30 UTC (rev 63932)
+++ grass/branches/releasebranch_7_0/lib/vector/Vlib/read_pg.c 2015-01-02 12:03:04 UTC (rev 63933)
@@ -1041,6 +1041,7 @@
struct Format_info_cache *cache, int *nrings)
{
int data_offset, i, nsize, isize;
+ int num_of_rings;
struct line_pnts *line_i;
if (nbytes < 9 && nbytes != -1)
@@ -1054,13 +1055,14 @@
if (*nrings < 0) {
return -1;
}
-
+ num_of_rings = *nrings;
+
/* reallocate space for islands if needed */
- Vect__reallocate_cache(cache, *nrings, FALSE);
- cache->lines_num += *nrings;
+ Vect__reallocate_cache(cache, num_of_rings, FALSE);
+ cache->lines_num += num_of_rings;
/* each ring has a minimum of 4 bytes (point count) */
- if (nbytes != -1 && nbytes - 9 < (*nrings) * 4) {
+ if (nbytes != -1 && nbytes - 9 < num_of_rings * 4) {
return error_corrupted_data(_("Length of input WKB is too small"));
}
@@ -1070,7 +1072,7 @@
/* get the rings */
nsize = 9;
- for (i = 0; i < (*nrings); i++) {
+ for (i = 0; i < num_of_rings; i++) {
if (cache->lines_next >= cache->lines_num)
G_fatal_error(_("Invalid cache index %d (max: %d)"),
cache->lines_next, cache->lines_num);
More information about the grass-commit
mailing list