MantisBT - VTK
View Issue Details
0007518 | VTK | (No Category) | public | 2008-08-20 23:29 | 2008-09-12 11:22
Vince Magnotta
Karthik Krishnan
normal | minor | sometimes
closed | fixed
 
 
0007518: vtkDataReader Memory Errors
This is a potential invalid memory write in the DecodeString() method. This would produce a segmentation fault under certain builds. This bug was verified with valgrind. The bug is related to the calls from the ReadArray() method at lines 1610 and 1629. Just before these calls a character array, decoded, of length (length+1) is being allocated. This array is then passed into DecodeString().

If the decoded string is the same length as the original string then Decode writes a value 1 byte beyond the bounds of the array on line 3033. Either the original array allocated needs to be larger or line 3033 should be

resname[reslen] = 0;

instead of

resname[reslen+1] = 0;

No tags attached.
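The off-by-one described in the report, as an added example that is not VTK code and not part of the original issue: `decode_into()` is a hypothetical stand-in that assumes the decoder turns `%XX` escapes into bytes, takes the buffer capacity explicitly, and terminates at `reslen`. A canary byte placed just past the (length+1)-byte buffer shows that index `reslen+1` is never written, including when the decoded string is as long as the input.

```cpp
// Added illustration; decode_into() is a hypothetical stand-in, not VTK code.
#include <cctype>
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <string>
#include <vector>

// Decode "%XX" escapes from src into dst (capacity cap bytes, terminator included).
// Returns the decoded length, or -1 if the result plus its terminator does not fit.
int decode_into(char* dst, std::size_t cap, const char* src) {
  std::string out;
  for (std::size_t i = 0; src[i] != '\0'; ++i) {
    const bool esc = src[i] == '%' && std::isxdigit(static_cast<unsigned char>(src[i + 1])) &&
                     std::isxdigit(static_cast<unsigned char>(src[i + 2]));
    if (esc) {
      const char hex[3] = {src[i + 1], src[i + 2], '\0'};
      out.push_back(static_cast<char>(std::strtol(hex, nullptr, 16)));
      i += 2;
    } else {
      out.push_back(src[i]);
    }
  }
  const std::size_t reslen = out.size();
  if (reslen + 1 > cap) return -1;      // no room for the terminator: refuse
  std::memcpy(dst, out.data(), reslen);
  dst[reslen] = '\0';                   // highest index written is reslen, never reslen+1
  return static_cast<int>(reslen);
}

// Mirrors the caller in the report: a buffer of length+1 bytes, followed here by one
// canary byte standing in for whatever memory lies after the allocation.
// Returns true if the output is terminated at reslen and the canary is untouched.
bool decode_keeps_bounds(const char* encoded) {
  const std::size_t length = std::strlen(encoded);
  std::vector<char> buf(length + 2, 'X');
  const char canary = 0x5A;
  buf[length + 1] = canary;             // index length+1 is one past the (length+1)-byte buffer
  const int reslen = decode_into(buf.data(), length + 1, encoded);
  return reslen >= 0 && buf[reslen] == '\0' && buf[length + 1] == canary;
}

int main() {
  // Constructed inputs: no escapes (decoded length == input length), and one escape.
  std::printf("%d %d\n", decode_keeps_bounds("scalars"), decode_keeps_bounds("my%20array"));
  return 0;
}
```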
Issue History
2008-08-20 23:29 | Vince Magnotta | New Issue
2008-09-11 11:55 | Karthik Krishnan | Note Added: 0013427
2008-09-11 11:56 | Karthik Krishnan | Assigned To => Karthik Krishnan
2008-09-11 11:56 | Karthik Krishnan | Status | backlog => @80@
2008-09-11 11:56 | Karthik Krishnan | Resolution | open => fixed
2008-09-12 11:22 | David Cole | Status | @80@ => closed
2008-09-12 11:22 | David Cole | Note Added: 0013452
2011-06-16 13:11 | Zack Galbreath | Category => (No Category)

Notes
(0013427)
Karthik Krishnan   
2008-09-11 11:55   
Fixed in CVS.

/cvsroot/VTK/VTK/IO/vtkDataReader.cxx,v <-- vtkDataReader.cxx
new revision: 1.158; previous revision: 1.157


@@ -3163,7 +3163,7 @@
     cc ++;
     }
   strncpy(resname, str.str().c_str(), reslen+1);
- resname[reslen] = 0;
+ resname[reslen+1] = 0;
   return static_cast<int>(reslen);
 }
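Review bot: the added line `resname[reslen+1] = 0;` stores one index past what the preceding `strncpy(resname, ..., reslen+1)` fills (indices 0 through reslen), and for the (length+1)-byte buffer described in the report, with reslen equal to length, index reslen+1 is outside the allocation. The report asks for `resname[reslen] = 0;`, which is the line this hunk shows as removed, so as displayed the hunk reads as the reverse of the requested fix; please confirm that revision 1.158 ends with the terminator at reslen. Since the function relies on the caller having allocated enough space, consider also passing the destination size in and checking reslen+1 against it before the copy.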
(0013452)
David Cole   
2008-09-12 11:22   
Fix also merged to the VTK-5-2 branch:

    /cvsroot/VTK/VTK/IO/vtkDataReader.cxx,v <-- IO/vtkDataReader.cxx
    new revision: 1.153.2.2; previous revision: 1.153.2.1