[mapserver-commits] r9804 - trunk/mapserver
svn at osgeo.org
svn at osgeo.org
Thu Feb 18 14:28:51 EST 2010
Author: pramsey
Date: 2010-02-18 14:28:51 -0500 (Thu, 18 Feb 2010)
New Revision: 9804
Modified:
trunk/mapserver/HISTORY.TXT
trunk/mapserver/mappostgis.c
Log:
Avoid memory error when building SQL bbox (#3324)
Modified: trunk/mapserver/HISTORY.TXT
===================================================================
--- trunk/mapserver/HISTORY.TXT 2010-02-18 19:28:12 UTC (rev 9803)
+++ trunk/mapserver/HISTORY.TXT 2010-02-18 19:28:51 UTC (rev 9804)
@@ -14,6 +14,8 @@
Current Version (SVN trunk):
----------------------------
+- Avoid memory error when building SQL bbox (#3324)
+
- Reproject rectangles as polygons to get datelin wrapping (#3179)
- Add support for the WMS capabilities items AuthorityURL, Identifier (#3251)
Modified: trunk/mapserver/mappostgis.c
===================================================================
--- trunk/mapserver/mappostgis.c 2010-02-18 19:28:12 UTC (rev 9803)
+++ trunk/mapserver/mappostgis.c 2010-02-18 19:28:51 UTC (rev 9804)
@@ -912,32 +912,44 @@
char *msPostGISBuildSQLBox(layerObj *layer, rectObj *rect, char *strSRID) {
char *strBox = NULL;
+ size_t sz;
if (layer->debug) {
msDebug("msPostGISBuildSQLBox called.\n");
}
if ( strSRID ) {
- static char *strBoxTemplate = "GeomFromText('POLYGON((%.15g %.15g,%.15g %.15g,%.15g %.15g,%.15g %.15g,%.15g %.15g))',%s)";
+ static char *strBoxTemplate = "GeomFromText('POLYGON((%.15f %.15f,%.15f %.15f,%.15f %.15f,%.15f %.15f,%.15f %.15f))',%s)";
/* 10 doubles + 1 integer + template characters */
- strBox = (char*)malloc(10 * 15 + strlen(strSRID) + strlen(strBoxTemplate));
- sprintf(strBox, strBoxTemplate,
+ sz = 10 * 15 + strlen(strSRID) + strlen(strBoxTemplate);
+ strBox = (char*)malloc(sz+1); /* add space for terminating NULL */
+ if ( sz <= snprintf(strBox, sz, strBoxTemplate,
rect->minx, rect->miny,
rect->minx, rect->maxy,
rect->maxx, rect->maxy,
rect->maxx, rect->miny,
rect->minx, rect->miny,
- strSRID);
+ strSRID) )
+ {
+ msSetError(MS_MISCERR,"Bounding box digits truncated.","msPostGISBuildSQLBox");
+ return 0;
+ }
} else {
- static char *strBoxTemplate = "GeomFromText('POLYGON((%.15g %.15g,%.15g %.15g,%.15g %.15g,%.15g %.15g,%.15g %.15g))')";
+ static char *strBoxTemplate = "GeomFromText('POLYGON((%.15f %.15f,%.15f %.15f,%.15f %.15f,%.15f %.15f,%.15f %.15f))')";
/* 10 doubles + template characters */
- strBox = (char*)malloc(10 * 15 + strlen(strBoxTemplate));
- sprintf(strBox, strBoxTemplate,
+ sz = 10 * 15 + strlen(strBoxTemplate);
+ strBox = (char*)malloc(sz+1); /* add space for terminating NULL */
+ if ( sz <= snprintf(strBox, sz, strBoxTemplate,
rect->minx, rect->miny,
rect->minx, rect->maxy,
rect->maxx, rect->maxy,
rect->maxx, rect->miny,
- rect->minx, rect->miny);
+ rect->minx, rect->miny) )
+ {
+ msSetError(MS_MISCERR,"Bounding box digits truncated.","msPostGISBuildSQLBox");
+ return 0;
+ }
+
}
return strBox;
More information about the mapserver-commits
mailing list