Группа :: Система/Библиотеки
Пакет: spatialindex
навигация по пакетам
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: fix-oob-crash.patch
Скачать
Скачать
From d056d8e577b43740180f1a7d2295f77c9149d8a1 Mon Sep 17 00:00:00 2001
From: Elliott Sales de Andrade <quantum.analyst@gmail.com>
Date: Tue, 28 Nov 2017 05:03:40 -0500
Subject: [PATCH] Fix array allocation in Index_GetLeaves.
When filling the array, it iterates through `nDimension` elements, but
only allocates `nLeafSizes[k]` entries. This causes out-of-bounds access
when dimensions are greater than leafs.
---
src/capi/sidx_api.cc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/capi/sidx_api.cc b/src/capi/sidx_api.cc
index af3bc82..b33ba3f 100644
--- a/src/capi/sidx_api.cc
+++ b/src/capi/sidx_api.cc
@@ -1693,8 +1693,8 @@ SIDX_C_DLL RTError Index_GetLeaves( IndexH index,
(*nLeafSizes)[k] = (uint32_t)ids.size();
(*nLeafChildIDs)[k] = (int64_t*) malloc( (*nLeafSizes)[k] * sizeof(int64_t));
- (*pppdMin)[k] = (double*) malloc ( (*nLeafSizes)[k] * sizeof(double));
- (*pppdMax)[k] = (double*) malloc ( (*nLeafSizes)[k] * sizeof(double));
+ (*pppdMin)[k] = (double*) malloc (*nDimension * sizeof(double));
+ (*pppdMax)[k] = (double*) malloc (*nDimension * sizeof(double));
for (uint32_t i=0; i< *nDimension; ++i) {(*pppdMin)[k][i] = b->getLow(i);
(*pppdMax)[k][i] = b->getHigh(i);