[mapserver-dev] Ticket 3537 - Buffer overflow vulnerabilities
aboudreault at mapgears.com
Mon Oct 25 13:42:15 EDT 2010
A few changes have been applied to the patch since we talked about this.
Especially, the use of strlcat, strlcpy and the fix to get MapServer building
properly on Windows. If there is no objection, I'm going to commit this patch
wednesday or thursday. Assefa, can you attach your patch for nmake in the
On October 6, 2010 03:14:11 pm Daniel Morissette wrote:
> Yewondwossen Assefa wrote:
> > On 06/10/2010 2:21 PM, Daniel Morissette wrote:
> >> Yewondwossen Assefa wrote:
> >>> Building with MSVC (9), I get build errors for the following
> >>> declaration:
> >>> size_t buffer_size = 512;
> >>> char buffer[buffer_size]; #line 2209
> >>> mappostgis.c(2209) : error C2057: expected constant expression
> >>> mappostgis.c(2209) : error C2466: cannot allocate an array of constant
> >>> size 0
> >>> mappostgis.c(2209) : error C2133: 'buffer' : unknown size
> >>> I will change locally and continue the build.
> >> What change did you make? Was it enough to make buffer_size a const?
> > I tried const and static const but both did not work. For some reason
> > the variable is not seen as being constant at compile time. I have to
> > use the value 512 for it to compile, I will look if there are other ways.
> The patch uses something similar in several places in mapogcfilter.c as
> well (but using a 'const size_t' in those cases), do you confirm that
> those fail as well? If yes then Alan will have to rework the patch to
> avoid this issue.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the mapserver-dev