[mapserver-dev] Ticket 3537 - Buffer overflow vulnerabilities

Daniel Morissette dmorissette at mapgears.com
Wed Oct 6 15:14:11 EDT 2010

Yewondwossen Assefa wrote:
>  On 06/10/2010 2:21 PM, Daniel Morissette wrote:
>> Yewondwossen Assefa wrote:
>>> Building with MSVC (9), I get build errors for the following
>>> declaration:
>>> size_t buffer_size = 512;
>>>   char buffer[buffer_size];  #line 2209
>>> mappostgis.c(2209) : error C2057: expected constant expression
>>> mappostgis.c(2209) : error C2466: cannot allocate an array of constant
>>> size 0
>>> mappostgis.c(2209) : error C2133: 'buffer' : unknown size
>>>   I will change locally and continue the build.
>> What change did you make? Was it enough to make buffer_size a const?
> I tried const and static const but both did not work. For some reason
> the variable is not seen as being constant at compile time. I have to
> use the value 512 for it to compile, I will look if there are other ways.

The patch uses something similar in several places in mapogcfilter.c as
well (but using a 'const size_t' in those cases), do you confirm that
those fail as well? If yes then Alan will have to rework the patch to
avoid this issue.

Daniel Morissette

More information about the mapserver-dev mailing list