[mapserver-commits] r10830 - trunk/mapserver

[svn at osgeo.org]

Author: aboudreault
Date: 2011-01-04 07:03:13 -0800 (Tue, 04 Jan 2011)
New Revision: 10830

Modified:
   trunk/mapserver/HISTORY.TXT
   trunk/mapserver/mapfile.c
   trunk/mapserver/mapserver.h
Log:
Fixed Improper validation of symbol index values (#3641)

Modified: trunk/mapserver/HISTORY.TXT
===================================================================
--- trunk/mapserver/HISTORY.TXT	2011-01-04 05:07:49 UTC (rev 10829)
+++ trunk/mapserver/HISTORY.TXT	2011-01-04 15:03:13 UTC (rev 10830)
@@ -14,6 +14,8 @@
 Current Version (SVN trunk):
 ----------------------------
 
+- Fixed Improper validation of symbol index values (#3641)
+
 - Removed BACKGROUNDCOLOR, BACKGROUNDSHADOWCOLOR and BACKGROUNDSHADOWOFFSET label parameters (#3609)
 
 - Fixed Transformation from XML to MapFile only handles one PROCESSING element (#3631)

Modified: trunk/mapserver/mapfile.c
===================================================================
--- trunk/mapserver/mapfile.c	2011-01-04 05:07:49 UTC (rev 10829)
+++ trunk/mapserver/mapfile.c	2011-01-04 15:03:13 UTC (rev 10830)
@@ -5600,13 +5600,17 @@
 
       /* make sure any symbol names for this layer have been resolved (bug #2700) */
       for(j=0; j<GET_LAYER(map, i)->numclasses; j++) {
-	for(k=0; k<GET_LAYER(map, i)->class[j]->numstyles; k++) {
+        for(k=0; k<GET_LAYER(map, i)->class[j]->numstyles; k++) {
           if(GET_LAYER(map, i)->class[j]->styles[k]->symbolname && GET_LAYER(map, i)->class[j]->styles[k]->symbol == 0) {
             if((GET_LAYER(map, i)->class[j]->styles[k]->symbol =  msGetSymbolIndex(&(map->symbolset), GET_LAYER(map, i)->class[j]->styles[k]->symbolname, MS_TRUE)) == -1) {
               msSetError(MS_MISCERR, "Undefined symbol \"%s\" in class %d, style %d of layer %s.", "msUpdateMapFromURL()", GET_LAYER(map, i)->class[j]->styles[k]->symbolname, j, k, GET_LAYER(map, i)->name);
               return MS_FAILURE;
             }
           }
+          if(!MS_IS_VALID_ARRAY_INDEX(GET_LAYER(map, i)->class[j]->styles[k]->symbol, map->symbolset.numsymbols)) {
+            msSetError(MS_MISCERR, "Invalid symbol index in class %d, style %d of layer %s.", "msUpdateMapFromURL()", j, k, GET_LAYER(map, i)->name);
+            return MS_FAILURE;
+          }
         }
       }
 
@@ -5878,7 +5882,6 @@
     /* step through layers and classes to resolve symbol names */
     for(i=0; i<map->numlayers; i++) {
         for(j=0; j<GET_LAYER(map, i)->numclasses; j++) {
-          
             /* class styles */
             for(k=0; k<GET_LAYER(map, i)->class[j]->numstyles; k++) {
                 if(GET_LAYER(map, i)->class[j]->styles[k]->symbolname) {
@@ -5887,6 +5890,10 @@
                         return MS_FAILURE;
                     }
                 }
+                if(!MS_IS_VALID_ARRAY_INDEX(GET_LAYER(map, i)->class[j]->styles[k]->symbol, map->symbolset.numsymbols)) {
+                    msSetError(MS_MISCERR, "Invalid symbol index in class %d, style %d of layer %s.", "msLoadMap()", j, k, GET_LAYER(map, i)->name);
+                    return MS_FAILURE;
+                }
             }
 
             /* label styles */

Modified: trunk/mapserver/mapserver.h
===================================================================
--- trunk/mapserver/mapserver.h	2011-01-04 05:07:49 UTC (rev 10829)
+++ trunk/mapserver/mapserver.h	2011-01-04 15:03:13 UTC (rev 10830)
@@ -421,6 +421,8 @@
 #define MS_REFCNT_DECR_IS_NOT_ZERO(obj) (MS_REFCNT_DECR(obj))>0
 #define MS_REFCNT_DECR_IS_ZERO(obj) (MS_REFCNT_DECR(obj))<=0
 
+#define MS_IS_VALID_ARRAY_INDEX(index, size) ((index<0 || index>=size)?MS_FALSE:MS_TRUE)
+
 #endif
 
 /* General enumerated types - needed by scripts */