[mapserver-dev] Ticket 3537 - Buffer overflow vulnerabilities

Daniel Morissette dmorissette at mapgears.com
Wed Oct 6 12:04:23 EDT 2010

Following up on this, Alan made some tests with GCC's "-ansi -pedantic"
flags, and here is what we found:

Daniel Morissette wrote:
> Initializing a variable (and arrays) with a non-static value is not
> valid in ANSI C (a.k.a. C89/90) and may not work on all compilers. I
> know of at least VC++ on Windows that will fail.
> i.e. the following pattern added in mapfile.c (and possibly elsewhere)
>         size_t buffer_size = 10 + strlen(value+5) + 1;
>  	char *init_string = (char*)malloc(buffer_size);
> should be replaced with:


The code above is not reported as problematic by gcc -ansi -pedantic. So
it seems that I was wrong in thinking that initializing a variable from
a non-static value was invalid in C89/90. Nothing to change in Alan's
patch for this.

> I also noticed the following pattern in a few places. I don't know if
> that's allowed or not in C89/90. Since bufferSize is a const that may be
> okay, but I'm not 100% sure:
>     const size_t bufferSize = 1024;
>     char szBuffer[bufferSize];

Unfortunately GCC reports this construct as invalid ("ISO C90 forbids
variable length array"), even if bufferSize is a const.  :-(

This construct is used in several places, so I still think we should
wait for reports from someone testing with VC++ since it's the main
compiler we support that doesn't support C99 extensions (such as
variable length array declarations) and is likely the one that will
dictate whether we can use this construct or not in the code.

Daniel Morissette

More information about the mapserver-dev mailing list