[mapserver-dev] crash bug / win 7
Ned Harding
nharding at extendthereach.com
Mon Oct 5 18:29:17 EDT 2009
I ran into a subtle crash bug on Windows 7 that didn't happen on Vista.
It turned out that the fontset that I was using has an alias over 64
characters. msLoadFontSet(...) in mapLabel.c has a sscanf in it that
has a fixed size 64 character buffer. It seems the only reason that
win7 crashed and vista didn't is that win7 has better stack overrun
protection.
When I went to fix it to submit a patch, I realized that sscanf is used
a bunch of times in mapserver without any checking that the buffer is
big enough.
So the question is: are we ok with weird input causing a buffer overrun
& crash, or is this something that needs to get fixed? I can of course
fix my font set to work around this problem.
ned.
More information about the mapserver-dev
mailing list