[mapserver-commits] r9804 - trunk/mapserver

svn at osgeo.org svn at osgeo.org
Thu Feb 18 14:28:51 EST 2010


Author: pramsey
Date: 2010-02-18 14:28:51 -0500 (Thu, 18 Feb 2010)
New Revision: 9804

Modified:
   trunk/mapserver/HISTORY.TXT
   trunk/mapserver/mappostgis.c
Log:
Avoid memory error when building SQL bbox (#3324)



Modified: trunk/mapserver/HISTORY.TXT
===================================================================
--- trunk/mapserver/HISTORY.TXT	2010-02-18 19:28:12 UTC (rev 9803)
+++ trunk/mapserver/HISTORY.TXT	2010-02-18 19:28:51 UTC (rev 9804)
@@ -14,6 +14,8 @@
 Current Version (SVN trunk):
 ----------------------------
 
+- Avoid memory error when building SQL bbox (#3324)
+
 - Reproject rectangles as polygons to get datelin wrapping (#3179)
 
 - Add support for the WMS capabilities items AuthorityURL, Identifier (#3251)

Modified: trunk/mapserver/mappostgis.c
===================================================================
--- trunk/mapserver/mappostgis.c	2010-02-18 19:28:12 UTC (rev 9803)
+++ trunk/mapserver/mappostgis.c	2010-02-18 19:28:51 UTC (rev 9804)
@@ -912,32 +912,44 @@
 char *msPostGISBuildSQLBox(layerObj *layer, rectObj *rect, char *strSRID) {
 
     char *strBox = NULL;
+    size_t sz;
 
     if (layer->debug) {
         msDebug("msPostGISBuildSQLBox called.\n");
     }
 
     if ( strSRID ) {
-        static char *strBoxTemplate = "GeomFromText('POLYGON((%.15g %.15g,%.15g %.15g,%.15g %.15g,%.15g %.15g,%.15g %.15g))',%s)";
+        static char *strBoxTemplate = "GeomFromText('POLYGON((%.15f %.15f,%.15f %.15f,%.15f %.15f,%.15f %.15f,%.15f %.15f))',%s)";
         /* 10 doubles + 1 integer + template characters */
-        strBox = (char*)malloc(10 * 15 + strlen(strSRID) + strlen(strBoxTemplate));
-        sprintf(strBox, strBoxTemplate,
+        sz = 10 * 15 + strlen(strSRID) + strlen(strBoxTemplate);
+        strBox = (char*)malloc(sz+1); /* add space for terminating NULL */
+        if ( sz <= snprintf(strBox, sz, strBoxTemplate,
                 rect->minx, rect->miny,
                 rect->minx, rect->maxy,
                 rect->maxx, rect->maxy,
                 rect->maxx, rect->miny,
                 rect->minx, rect->miny,
-                strSRID);
+                strSRID) )
+	{
+        	msSetError(MS_MISCERR,"Bounding box digits truncated.","msPostGISBuildSQLBox");
+        	return 0;
+	}
     } else {
-        static char *strBoxTemplate = "GeomFromText('POLYGON((%.15g %.15g,%.15g %.15g,%.15g %.15g,%.15g %.15g,%.15g %.15g))')";
+        static char *strBoxTemplate = "GeomFromText('POLYGON((%.15f %.15f,%.15f %.15f,%.15f %.15f,%.15f %.15f,%.15f %.15f))')";
         /* 10 doubles + template characters */
-        strBox = (char*)malloc(10 * 15 + strlen(strBoxTemplate));
-        sprintf(strBox, strBoxTemplate,
+        sz = 10 * 15 + strlen(strBoxTemplate);
+        strBox = (char*)malloc(sz+1); /* add space for terminating NULL */
+        if ( sz <= snprintf(strBox, sz, strBoxTemplate,
                 rect->minx, rect->miny,
                 rect->minx, rect->maxy,
                 rect->maxx, rect->maxy,
                 rect->maxx, rect->miny,
-                rect->minx, rect->miny);
+                rect->minx, rect->miny) )
+	{
+        	msSetError(MS_MISCERR,"Bounding box digits truncated.","msPostGISBuildSQLBox");
+        	return 0;
+	}
+	
     }
 
     return strBox;



More information about the mapserver-commits mailing list