[mapserver-commits] [MapServer/MapServer] ecb47d: mapserver.h: check _WIN32 instead of WIN32
Even Rouault
noreply at github.com
Thu Oct 7 05:40:39 PDT 2021
Branch: refs/heads/branch-7-6
Home: https://github.com/MapServer/MapServer
Commit: ecb47d451281b4f2b116c0eda8913e61ba508120
https://github.com/MapServer/MapServer/commit/ecb47d451281b4f2b116c0eda8913e61ba508120
Author: Max Kellermann <max.kellermann at gmail.com>
Date: 2021-10-05 (Tue, 05 Oct 2021)
Changed paths:
M mapregex.h
M mapscript/mapscript.i
M mapserv.c
M mapserver.h
M mapwms.c
Log Message:
-----------
mapserver.h: check _WIN32 instead of WIN32
The canonical macro is _WIN32. WIN32 usually exists as well, but is a
non-standard macro.
See https://docs.microsoft.com/en-us/cpp/preprocessor/predefined-macros?view=msvc-160
Commit: edc77838bf1c3eef8aa046ca8534167050d51ff4
https://github.com/MapServer/MapServer/commit/edc77838bf1c3eef8aa046ca8534167050d51ff4
Author: Max Kellermann <max.kellermann at gmail.com>
Date: 2021-10-05 (Tue, 05 Oct 2021)
Changed paths:
M mapogcfilter.c
M mapogcfiltercommon.cpp
M textlayout.c
Log Message:
-----------
textlayout: declare variables when they are used
Fixes various -Wunused warnings.
Commit: 334ffee65e79f997600a37d44fab9cdb68182bcf
https://github.com/MapServer/MapServer/commit/334ffee65e79f997600a37d44fab9cdb68182bcf
Author: Max Kellermann <max.kellermann at gmail.com>
Date: 2021-10-05 (Tue, 05 Oct 2021)
Changed paths:
M mapogcfilter.c
M mapogcsld.c
Log Message:
-----------
mapogcfilter: disable several functions if they are not used
Fixes various -Wunused warnings.
Commit: 59c6c030bef3987f33d0c4576264a60bfdebde5c
https://github.com/MapServer/MapServer/commit/59c6c030bef3987f33d0c4576264a60bfdebde5c
Author: Max Kellermann <max.kellermann at gmail.com>
Date: 2021-10-05 (Tue, 05 Oct 2021)
Changed paths:
M mapdraw.c
M maplabel.c
M mappostgis.c
M mapprimitive.c
M mapproject.c
M mapsmoothing.c
M maptemplate.c
Log Message:
-----------
mapdraw, ...: simplify pointObj initializers
With some compile-time options, pointObj has less than 4 fields, so
this patch also fixes the build with those options.
Commit: d82a348819a171f1437df7575a2d45f66370219a
https://github.com/MapServer/MapServer/commit/d82a348819a171f1437df7575a2d45f66370219a
Author: Max Kellermann <max.kellermann at gmail.com>
Date: 2021-10-05 (Tue, 05 Oct 2021)
Changed paths:
M mapmetadata.c
Log Message:
-----------
mapmetadata: disable if compile-time features are missing
Fixes build breakage.
Commit: 78d9fe2d2ee071a3f1889a3574543b850b2d6a16
https://github.com/MapServer/MapServer/commit/78d9fe2d2ee071a3f1889a3574543b850b2d6a16
Author: Max Kellermann <max.kellermann at gmail.com>
Date: 2021-10-05 (Tue, 05 Oct 2021)
Changed paths:
M mapstring.c
Log Message:
-----------
mapstring: optimize msStringToUpper(), msStringToLower()
Traverse the string only once. Also, this removes code which
triggered -Wsign-compare.
Commit: 89b4448ec9933bc356a64bc8945c27ad9e47c800
https://github.com/MapServer/MapServer/commit/89b4448ec9933bc356a64bc8945c27ad9e47c800
Author: Max Kellermann <max.kellermann at gmail.com>
Date: 2021-10-05 (Tue, 05 Oct 2021)
Changed paths:
M mapshape.c
Log Message:
-----------
mapshape: fix buffer overflow in msSHPReadShape()
The data in panParts is never checked. The only check was
"numpoints<=0", but that is not enough.
Three very bad things can happen:
- arbitrary huge values, leading to allocations of up to two billion
elements (INT_MAX), bypassing the 50 million limit which was
previously put on "nPoints"
- overflowing the "pabyRec" buffer in the memcpy() call
- integer overflow in the malloc() call, writing past the allocated
buffer
The latter is probably enough for remote code execution.
Vulnerability found with libFuzzer.
Commit: 6fa2243c25726cb62718253ef260632301a05415
https://github.com/MapServer/MapServer/commit/6fa2243c25726cb62718253ef260632301a05415
Author: Max Kellermann <max.kellermann at gmail.com>
Date: 2021-10-05 (Tue, 05 Oct 2021)
Changed paths:
M mapshape.c
Log Message:
-----------
mapshape: fix double free bug after error in msSHPReadShape()
After freeing the "line" field, we need to clear it, or else it will
be freed again in msFreeShape().
In two code paths, the "numlines" field was not cleared, which could
lead to a use-after-free bug in msFreeShape(), which in turn could
either crash or lead to another double-free bug in msFreeShape().
Vulnerability found with libFuzzer.
Commit: 434164fcc26f9d36df556d1809749db7fcaa4565
https://github.com/MapServer/MapServer/commit/434164fcc26f9d36df556d1809749db7fcaa4565
Author: Max Kellermann <max.kellermann at gmail.com>
Date: 2021-10-05 (Tue, 05 Oct 2021)
Changed paths:
M mapshape.c
Log Message:
-----------
mapshape: check msSHPReadBounds() return value, fix endless loop
With a crafted shapefile, it was possible to put
msShapefileWhichShapes() into an extremely long loop, calling
msSHPReadBounds() over and over, even if all of those calls fail.
This patch adds error checking, and if an error occurs,
msShapefileWhichShapes() gives up, because after an I/O error, there
is no reasonable chance that anything will ever work properly.
Vulnerability found by libFuzzer.
Commit: b08cf2dc8433bdedc93cb1a0f61deb215822a9ee
https://github.com/MapServer/MapServer/commit/b08cf2dc8433bdedc93cb1a0f61deb215822a9ee
Author: Even Rouault <even.rouault at spatialys.com>
Date: 2021-10-05 (Tue, 05 Oct 2021)
Changed paths:
M mapshape.c
Log Message:
-----------
msSHPReadAllocateBuffer(): use correct realloc() pattern and validate size (CID 1503560)
Commit: 01ca4389ec64cf4357a59debee02f38cd3b8aefd
https://github.com/MapServer/MapServer/commit/01ca4389ec64cf4357a59debee02f38cd3b8aefd
Author: Max Kellermann <max.kellermann at gmail.com>
Date: 2021-10-05 (Tue, 05 Oct 2021)
Changed paths:
M mapshape.c
Log Message:
-----------
mapshape: check for negative sizes in msSHPReadAllocateBuffer()
Yet another buffer overflow found by libFuzzer.
Commit: d5eaaa0b37f66749f902e023f7c41c15799a451f
https://github.com/MapServer/MapServer/commit/d5eaaa0b37f66749f902e023f7c41c15799a451f
Author: Even Rouault <even.rouault at spatialys.com>
Date: 2021-10-07 (Thu, 07 Oct 2021)
Changed paths:
M mapdraw.c
M maplabel.c
M mapmetadata.c
M mapogcfilter.c
M mapogcfiltercommon.cpp
M mapogcsld.c
M mappostgis.c
M mapprimitive.c
M mapproject.c
M mapregex.h
M mapscript/mapscript.i
M mapserv.c
M mapserver.h
M mapshape.c
M mapsmoothing.c
M mapstring.c
M maptemplate.c
M mapwms.c
M textlayout.c
Log Message:
-----------
Merge pull request #6418 from MaxKellermann/fuzzer2
Fix various security vulnerabilites found by libFuzzer, part 2
Compare: https://github.com/MapServer/MapServer/compare/68496037694e...d5eaaa0b37f6
More information about the mapserver-commits
mailing list