[mapserver-dev] Ticket 3537 - Buffer overflow vulnerabilities
Daniel Morissette
dmorissette at mapgears.com
Wed Oct 6 15:14:11 EDT 2010
Yewondwossen Assefa wrote:
> On 06/10/2010 2:21 PM, Daniel Morissette wrote:
>> Yewondwossen Assefa wrote:
>>> Building with MSVC (9), I get build errors for the following
>>> declaration:
>>> size_t buffer_size = 512;
>>> char buffer[buffer_size]; #line 2209
>>>
>>> mappostgis.c(2209) : error C2057: expected constant expression
>>> mappostgis.c(2209) : error C2466: cannot allocate an array of constant
>>> size 0
>>> mappostgis.c(2209) : error C2133: 'buffer' : unknown size
>>>
>>> I will change locally and continue the build.
>>>
>> What change did you make? Was it enough to make buffer_size a const?
>>
>>
> I tried const and static const but both did not work. For some reason
> the variable is not seen as being constant at compile time. I have to
> use the value 512 for it to compile, I will look if there are other ways.
>
The patch uses something similar in several places in mapogcfilter.c as
well (but using a 'const size_t' in those cases), do you confirm that
those fail as well? If yes then Alan will have to rework the patch to
avoid this issue.
--
Daniel Morissette
http://www.mapgears.com/
More information about the mapserver-dev
mailing list