Permalink
Browse files

Prevent buffer overflow with raster queries with more than 4 bands

  • Loading branch information...
dmorissette committed Apr 7, 2015
1 parent 29bbefa commit 02dacd9658aba913671545a6ebb8fe532bdb2a1d
Showing with 5 additions and 1 deletion.
  1. +5 −1 maprasterquery.c
View
@@ -1286,12 +1286,14 @@ int msRASTERLayerGetItems(layerObj *layer)
#ifndef USE_GDAL
return MS_FAILURE;
#else
+ int maxnumitems = 0;
rasterLayerInfo *rlinfo = (rasterLayerInfo *) layer->layerinfo;
if( rlinfo == NULL )
return MS_FAILURE;
- layer->items = (char **) msSmallCalloc(sizeof(char *),10);
+ maxnumitems = 8 + (rlinfo->qc_values?rlinfo->band_count:0);
+ layer->items = (char **) msSmallCalloc(sizeof(char *),maxnumitems);
layer->numitems = 0;
if( rlinfo->qc_x_reproj )
@@ -1318,6 +1320,8 @@ int msRASTERLayerGetItems(layerObj *layer)
if( rlinfo->qc_count )
layer->items[layer->numitems++] = msStrdup("count");
+ assert(layer->numitems <= maxnumitems);
+
return msRASTERLayerInitItemInfo(layer);
#endif /* def USE_GDAL */
}

0 comments on commit 02dacd9

Please sign in to comment.