Skip to content
Permalink
Browse files

Prevent buffer overflow with raster queries with more than 4 bands

  • Loading branch information
dmorissette committed Apr 7, 2015
1 parent 29bbefa commit 02dacd9658aba913671545a6ebb8fe532bdb2a1d
Showing with 5 additions and 1 deletion.
  1. +5 −1 maprasterquery.c
@@ -1286,12 +1286,14 @@ int msRASTERLayerGetItems(layerObj *layer)
#ifndef USE_GDAL
return MS_FAILURE;
#else
int maxnumitems = 0;
rasterLayerInfo *rlinfo = (rasterLayerInfo *) layer->layerinfo;

if( rlinfo == NULL )
return MS_FAILURE;

layer->items = (char **) msSmallCalloc(sizeof(char *),10);
maxnumitems = 8 + (rlinfo->qc_values?rlinfo->band_count:0);
layer->items = (char **) msSmallCalloc(sizeof(char *),maxnumitems);

layer->numitems = 0;
if( rlinfo->qc_x_reproj )
@@ -1318,6 +1320,8 @@ int msRASTERLayerGetItems(layerObj *layer)
if( rlinfo->qc_count )
layer->items[layer->numitems++] = msStrdup("count");

assert(layer->numitems <= maxnumitems);

return msRASTERLayerInitItemInfo(layer);
#endif /* def USE_GDAL */
}

0 comments on commit 02dacd9

Please sign in to comment.
You can’t perform that action at this time.