[mapserver-dev] Corrupt index file causes a crash in mapserver

Lime, Steve D (MNIT) steve.lime at state.mn.us
Mon Mar 11 06:24:57 PDT 2019


+1 from me for your pull request. Should we create separate tickets for the other couple of scenarios you mention? --Steve

From: mapserver-dev [mailto:mapserver-dev-bounces at lists.osgeo.org] On Behalf Of Tamas Szekeres
Sent: Sunday, March 10, 2019 7:19 AM
To: mapserver-dev at lists.osgeo.org
Subject: [mapserver-dev] Corrupt index file causes a crash in mapserver

Hi Developers,

I've resurrected an old bug which has been closed as "wontfix", because we have run into the same issue recently:

https://github.com/mapserver/mapserver/issues/2362

I don't think it is a good solution to leave mapserver in a memory-corrupted state instead of providing a meaningful error message and safely continuing the operation. So I've created a pull request to provide a solution for this particular use case, however as far as I see it might also require some further investigation how a corrupted index file may cause troubles to mapserver.

For example I wonder if the index contains a feature id greater than the number of features, it may cause a buffer overrun in msSetBit (mapbits.c). Also what happens if a part of a file is missing, so an offset to a treenode points beyond the end of the file.

Best regards,

Tamas
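
The two checks the message above asks about, as an added example that is not code from MapServer or from the pull request: a feature id read from an index is range-checked before it touches a bit array, and a tree-node offset is checked against the file size before it is followed. All type and function names here (`bitarray`, `bitarray_set_checked`, `node_offset_ok`, `apply_index_ids`) are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical bit array sized for a known number of features. */
typedef struct {
    uint32_t *words;
    size_t    nbits;   /* number of features the array was sized for */
} bitarray;

static int bitarray_init(bitarray *b, size_t nbits) {
    size_t nwords = (nbits + 31) / 32;
    b->words = calloc(nwords ? nwords : 1, sizeof(uint32_t));
    b->nbits = b->words ? nbits : 0;
    return b->words ? 0 : -1;
}

/* Set bit `id` only if it is in range; ids come from the untrusted index. */
static int bitarray_set_checked(bitarray *b, int64_t id) {
    if (id < 0 || (uint64_t)id >= b->nbits)
        return -1;                 /* corrupt index: report, do not write */
    b->words[id / 32] |= (uint32_t)1 << (id % 32);
    return 0;
}

static int bitarray_get(const bitarray *b, size_t id) {
    return id < b->nbits && ((b->words[id / 32] >> (id % 32)) & 1u);
}

/* A node offset is usable only if the whole node lies inside the file.
 * Written as a subtraction so that offset + node_size cannot wrap. */
static int node_offset_ok(uint64_t offset, uint64_t node_size,
                          uint64_t file_size) {
    return node_size <= file_size && offset <= file_size - node_size;
}

/* Apply ids read from an index; stop at the first out-of-range id so the
 * caller can raise an error instead of continuing with corrupted memory. */
static int apply_index_ids(bitarray *b, const int64_t *ids, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (bitarray_set_checked(b, ids[i]) != 0)
            return -1;
    return 0;
}
```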