| View Issue Details [ Jump to Notes ] | [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
| 0007518 | VTK | (No Category) | public | 2008-08-20 23:29 | 2008-09-12 11:22 | ||||
| Reporter | Vince Magnotta | ||||||||
| Assigned To | Karthik Krishnan | ||||||||
| Priority | normal | Severity | minor | Reproducibility | sometimes | ||||
| Status | closed | Resolution | fixed | ||||||
| Platform | OS | OS Version | |||||||
| Product Version | |||||||||
| Target Version | Fixed in Version | ||||||||
| Summary | 0007518: vtkDataReader Memory Errors | ||||||||
| Description | This is a potential invalid memory write in the DecodeString() method. This would produce a segmentation fault under certain builds. This bug was verified with valgrind. The bug is related to the calls from the ReadArray() method at lines 1610 and 1629. Just before these calls a character array, decoded, of length (length+1) is being allocated. This array is then passed into DecodeString(). If the decoded string is the same length as the original string then Decode writes a value 1 byte beyond the bounds of the array on line 3033. Either the original array allocated needs to be larger or line 3033 should be resname[reslen] = 0; instead of resname[reslen+1] = 0; | ||||||||
| Tags | No tags attached. | ||||||||
| Project | |||||||||
| Type | |||||||||
| Attached Files | |||||||||
| Relationships | |
| Relationships |
| Notes | |
|
(0013427) Karthik Krishnan (reporter) 2008-09-11 11:55 |
Fixed in CVS. /cvsroot/VTK/VTK/IO/vtkDataReader.cxx,v <-- vtkDataReader.cxx new revision: 1.158; previous revision: 1.157 @@ -3163,7 +3163,7 @@ cc ++; } strncpy(resname, str.str().c_str(), reslen+1); - resname[reslen] = 0; + resname[reslen+1] = 0; return static_cast<int>(reslen); } |
|
(0013452) David Cole (developer) 2008-09-12 11:22 |
Fix also merged to the VTK-5-2 branch: /cvsroot/VTK/VTK/IO/vtkDataReader.cxx,v <-- IO/vtkDataReader.cxx new revision: 1.153.2.2; previous revision: 1.153.2.1 |
| Notes |
| Issue History | |||
| Date Modified | Username | Field | Change |
| 2008-08-20 23:29 | Vince Magnotta | New Issue | |
| 2008-09-11 11:55 | Karthik Krishnan | Note Added: 0013427 | |
| 2008-09-11 11:56 | Karthik Krishnan | Assigned To | => Karthik Krishnan |
| 2008-09-11 11:56 | Karthik Krishnan | Status | backlog => @80@ |
| 2008-09-11 11:56 | Karthik Krishnan | Resolution | open => fixed |
| 2008-09-12 11:22 | David Cole | Status | @80@ => closed |
| 2008-09-12 11:22 | David Cole | Note Added: 0013452 | |
| 2011-06-16 13:11 | Zack Galbreath | Category | => (No Category) |
| Issue History |
| Copyright © 2000 - 2018 MantisBT Team |