[mapserver-dev] A buffer overflow in maporaclespatial

Frank Warmerdam warmerdam at pobox.com
Thu Jul 10 11:23:46 EDT 2008


Albert Rovira wrote:
> Hello,
> 
> I get a core dump when using this layer definition:

> After digging a bit in mapOracleSpatial.c, I see that the table_name array is 
> too small to hold the select string, which is about 3200 bytes.
> 
> Line 1628 in mapOracleSpatial.c:
> 
> /* create SQL statement for retrieving shapes */
> int msOracleSpatialLayerWhichShapes( layerObj *layer, rectObj rect )
> {
>     int success, i;
>     int function = 0;
>     int version = 0;
>     char query_str[6000];
>     char table_name[2000], geom_column_name[100], unique[100], srid[100];
> 
> 
> Can the MapServer team modify it to use dynamic strings? If not, can the 
> MapServer team make this array bigger? It's a bit annoying to have to 
> recompile MapServer only for this little bug.

Albert,

Please file a defect report on this.  The main impediment to a fix is
that relatively few MapServer developers work with Oracle (or have it
available) and so there aren't many people who could prepare the fix.

But if we file it in the bug system, hopefully someone will.

Best regards,
-- 
---------------------------------------+--------------------------------------
I set the clouds in motion - turn up   | Frank Warmerdam, warmerdam at pobox.com
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush    | President OSGeo, http://osgeo.org
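
An added example, not part of the original thread and not MapServer code: the two remedies asked for above, shown on a constructed 3200-byte select string against a 2000-byte buffer like table_name. The helper names (copy_bounded, copy_dynamic, make_select) are hypothetical, and because the page does not show how table_name is filled, the copy step itself is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define TABLE_NAME_MAX 2000 /* size of table_name[] in the quoted code */

/* Hypothetical helper: copy into a fixed buffer, refusing input that does
 * not fit (including the NUL) instead of writing past the end. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    if (dst_size == 0 || len >= dst_size)
        return -1;                 /* caller reports an error, no overflow */
    memcpy(dst, src, len + 1);
    return 0;
}

/* Hypothetical helper: the "dynamic strings" option. The buffer is sized
 * from the input; the caller frees it. Returns NULL if malloc fails. */
char *copy_dynamic(const char *src)
{
    size_t len = strlen(src);
    char *dst = malloc(len + 1);
    if (dst != NULL)
        memcpy(dst, src, len + 1);
    return dst;
}

/* Constructed input: an n-byte sub-select standing in for the roughly
 * 3200-byte select string from the report. Caller frees it. */
char *make_select(size_t n)
{
    static const char head[] = "(SELECT * FROM t WHERE c IN (";
    char *s = malloc(n + 1);
    if (s == NULL) return NULL;
    memset(s, '1', n);
    if (n > sizeof head) memcpy(s, head, sizeof head - 1);
    s[n] = '\0';
    return s;
}

int main(void)
{
    char table_name[TABLE_NAME_MAX];
    char *sel = make_select(3200);
    char *dyn = sel ? copy_dynamic(sel) : NULL;
    if (sel == NULL || dyn == NULL) return 1;
    printf("fixed buffer: %s, dynamic copy: %zu bytes\n",
           copy_bounded(table_name, sizeof table_name, sel) ? "rejected" : "copied",
           strlen(dyn));
    free(dyn); free(sel);
    return 0;
}
```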


