
diglib: fix for buffer overrrun, https://trac.osgeo.org/grass/ticket/1430

git-svn-id: https://svn.osgeo.org/grass/grass/trunk@47992 15284696-431f-4ddb-bdfa-cd5b030d7da7
Markus Metz 13 年之前
父節點
當前提交
0fa4aefe1b
共有 1 個文件被更改,包括 48 次插入48 次删除
  1. 48 48
      lib/vector/diglib/portable.c

+ 48 - 48
lib/vector/diglib/portable.c

@@ -186,10 +186,7 @@ int dig__fread_port_O(off_t *buf, size_t cnt, struct gvfile * fp, size_t port_of
 	    memset(buf, 0, cnt * sizeof(off_t));
 	    /* read from buffer in changed order */
 	    c1 = (unsigned char *)buffer;
-	    if (off_t_order == ENDIAN_LITTLE)
-		c2 = (unsigned char *)buf;
-	    else
-		c2 = (unsigned char *)buf + nat_off_t - port_off_t_size;
+	    c2 = (unsigned char *)buf;
 	    for (i = 0; i < cnt; i++) {
 		/* set to FF if the value is negative */
 		if (off_t_order == ENDIAN_LITTLE) {
@@ -200,7 +197,10 @@ int dig__fread_port_O(off_t *buf, size_t cnt, struct gvfile * fp, size_t port_of
 		    if (c1[0] & 0x80)
 			memset(c2, 0xff, sizeof(off_t));
 		}
-		memcpy(c2, c1, port_off_t_size);
+		if (off_t_order == ENDIAN_LITTLE)
+		    memcpy(c2, c1, port_off_t_size);
+		else
+		    memcpy(c2 + nat_off_t - port_off_t_size, c1, port_off_t_size);
 		c1 += port_off_t_size;
 		c2 += sizeof(off_t);
 	    }
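Review bot: The big-endian destination `c2 + nat_off_t - port_off_t_size` stays inside the current element only if `nat_off_t` equals `sizeof(off_t)` and `port_off_t_size <= nat_off_t`, and neither condition is visible in this hunk. The sign-fill memset and the `c2` stride use `sizeof(off_t)` while the offset uses `nat_off_t`, and the branch condition that presumably guarantees the narrower portable size sits above the hunk. `port_off_t_size` is a parameter, so if it can come from the file being read, that guard is the only thing bounding this write and is worth confirming. I would use one spelling for the native size, e.g. `memcpy(c2 + sizeof(off_t) - port_off_t_size, c1, port_off_t_size);`, and add a comment such as `/* port_off_t_size < sizeof(off_t) in this branch */`. The same mix of `nat_*` and `sizeof` appears in the dig__fread_port_L, _I and _S hunks.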
@@ -281,10 +281,7 @@ int dig__fread_port_L(long *buf, size_t cnt, struct gvfile * fp)
 	    memset(buf, 0, cnt * sizeof(long));
 	    /* read from buffer in changed order */
 	    c1 = (unsigned char *)buffer;
-	    if (lng_order == ENDIAN_LITTLE)
-		c2 = (unsigned char *)buf;
-	    else
-		c2 = (unsigned char *)buf + nat_lng - PORT_LONG;
+	    c2 = (unsigned char *)buf;
 	    for (i = 0; i < cnt; i++) {
 		/* set to FF if the value is negative */
 		if (lng_order == ENDIAN_LITTLE) {
@@ -295,7 +292,10 @@ int dig__fread_port_L(long *buf, size_t cnt, struct gvfile * fp)
 		    if (c1[0] & 0x80)
 			memset(c2, 0xff, sizeof(long));
 		}
-		memcpy(c2, c1, PORT_LONG);
+		if (lng_order == ENDIAN_LITTLE)
+		    memcpy(c2, c1, PORT_LONG);
+		else
+		    memcpy(c2 + nat_lng - PORT_LONG, c1, PORT_LONG);
 		c1 += PORT_LONG;
 		c2 += sizeof(long);
 	    }
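Review bot: As a matter of style, the byte-order test added inside the loop is loop-invariant, and it is now evaluated twice per element (once for the sign fill, once for the copy). Computing the offset once before the loop keeps the body to a single copy: `size_t pad = (lng_order == ENDIAN_LITTLE) ? 0 : nat_lng - PORT_LONG;` followed by `memcpy(c2 + pad, c1, PORT_LONG);`. The same four-line if/else is repeated in all eight hunks of this commit, which is how the original overrun came to exist in every variant. A small static helper taking the native size, the portable size and the byte order would keep the read and write paths from diverging again.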
@@ -366,10 +366,7 @@ int dig__fread_port_I(int *buf, size_t cnt, struct gvfile * fp)
 	    memset(buf, 0, cnt * sizeof(int));
 	    /* read from buffer in changed order */
 	    c1 = (unsigned char *)buffer;
-	    if (int_order == ENDIAN_LITTLE)
-		c2 = (unsigned char *)buf;
-	    else
-		c2 = (unsigned char *)buf + nat_int - PORT_INT;
+	    c2 = (unsigned char *)buf;
 	    for (i = 0; i < cnt; i++) {
 		/* set to FF if the value is negative */
 		if (int_order == ENDIAN_LITTLE) {
@@ -380,7 +377,10 @@ int dig__fread_port_I(int *buf, size_t cnt, struct gvfile * fp)
 		    if (c1[0] & 0x80)
 			memset(c2, 0xff, sizeof(int));
 		}
-		memcpy(c2, c1, PORT_INT);
+		if (int_order == ENDIAN_LITTLE)
+		    memcpy(c2, c1, PORT_INT);
+		else
+		    memcpy(c2 + nat_int - PORT_INT, c1, PORT_INT);
 		c1 += PORT_INT;
 		c2 += sizeof(int);
 	    }
@@ -451,10 +451,7 @@ int dig__fread_port_S(short *buf, size_t cnt, struct gvfile * fp)
 	    memset(buf, 0, cnt * sizeof(short));
 	    /* read from buffer in changed order */
 	    c1 = (unsigned char *)buffer;
-	    if (shrt_order == ENDIAN_LITTLE)
-		c2 = (unsigned char *)buf;
-	    else
-		c2 = (unsigned char *)buf + nat_shrt - PORT_SHORT;
+	    c2 = (unsigned char *)buf;
 	    for (i = 0; i < cnt; i++) {
 		/* set to FF if the value is negative */
 		if (shrt_order == ENDIAN_LITTLE) {
@@ -465,7 +462,10 @@ int dig__fread_port_S(short *buf, size_t cnt, struct gvfile * fp)
 		    if (c1[0] & 0x80)
 			memset(c2, 0xff, sizeof(short));
 		}
-		memcpy(c2, c1, PORT_SHORT);
+		if (shrt_order == ENDIAN_LITTLE)
+		    memcpy(c2, c1, PORT_SHORT);
+		else
+		    memcpy(c2 + nat_shrt - PORT_SHORT, c1, PORT_SHORT);
 		c1 += PORT_SHORT;
 		c2 += sizeof(short);
 	    }
@@ -653,15 +653,15 @@ int dig__fwrite_port_O(const off_t *buf,
 	}
 	else if (nat_off_t > port_off_t_size) {
 	    buf_alloc(cnt * port_off_t_size);
-	    if (off_t_order == ENDIAN_LITTLE)
-		c1 = (unsigned char *)buf;
-	    else
-		c1 = (unsigned char *)buf + nat_off_t - port_off_t_size;
+	    c1 = (unsigned char *)buf;
 	    c2 = (unsigned char *)buffer;
 	    for (i = 0; i < cnt; i++) {
-		memcpy(c2, c1, port_off_t_size);
-		c1 += port_off_t_size;
-		c2 += sizeof(off_t);
+		if (off_t_order == ENDIAN_LITTLE)
+		    memcpy(c2, c1, port_off_t_size);
+		else
+		    memcpy(c2, c1 + nat_off_t - port_off_t_size, port_off_t_size);
+		c1 += sizeof(off_t);
+		c2 += port_off_t_size;
 	    }
 	    if (dig_fwrite(buffer, port_off_t_size, cnt, fp) == cnt)
 		return 1;
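Review bot: The `buf_alloc(cnt * port_off_t_size);` call just above the rewritten loop is used as a bare statement, so nothing here confirms that `buffer` holds `cnt * port_off_t_size` bytes before the loop writes that many through `c2`. The product is also unchecked and could wrap for a very large `cnt`. If buf_alloc reports failure (its definition is outside this hunk), I would test it, e.g. `if (buf_alloc(cnt * port_off_t_size) < 0) return 0;`, once the actual failure convention is confirmed, and reject `cnt > SIZE_MAX / port_off_t_size` first. The same unchecked call precedes the loops in the dig__fwrite_port_L, _I and _S hunks.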
@@ -719,15 +719,15 @@ int dig__fwrite_port_L(const long *buf,
 	}
 	else {
 	    buf_alloc(cnt * PORT_LONG);
-	    if (lng_order == ENDIAN_LITTLE)
-		c1 = (unsigned char *)buf;
-	    else
-		c1 = (unsigned char *)buf + nat_lng - PORT_LONG;
+	    c1 = (unsigned char *)buf;
 	    c2 = (unsigned char *)buffer;
 	    for (i = 0; i < cnt; i++) {
-		memcpy(c2, c1, PORT_LONG);
-		c1 += PORT_LONG;
-		c2 += sizeof(long);
+		if (lng_order == ENDIAN_LITTLE)
+		    memcpy(c2, c1, PORT_LONG);
+		else
+		    memcpy(c2, c1 + nat_lng - PORT_LONG, PORT_LONG);
+		c1 += sizeof(long);
+		c2 += PORT_LONG;
 	    }
 	    if (dig_fwrite(buffer, PORT_LONG, cnt, fp) == cnt)
 		return 1;
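Review bot: Narrowing in this branch is silent: the loop keeps PORT_LONG bytes of each `long` and never checks that the discarded bytes are only sign extension. A value outside the portable range is therefore written to the file as a different number. If callers do not already guarantee the range (not visible here; the branch condition is also above the hunk), a range check before the copy would catch it. Otherwise a comment stating the precondition would help, e.g. `/* caller guarantees each value fits in PORT_LONG bytes */`. The dig__fwrite_port_O, _I and _S hunks narrow the same way.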
@@ -775,15 +775,15 @@ int dig__fwrite_port_I(const int *buf,
 	}
 	else {
 	    buf_alloc(cnt * PORT_INT);
-	    if (int_order == ENDIAN_LITTLE)
-		c1 = (unsigned char *)buf;
-	    else
-		c1 = (unsigned char *)buf + nat_int - PORT_INT;
+	    c1 = (unsigned char *)buf;
 	    c2 = (unsigned char *)buffer;
 	    for (i = 0; i < cnt; i++) {
-		memcpy(c2, c1, PORT_INT);
-		c1 += PORT_INT;
-		c2 += sizeof(int);
+		if (int_order == ENDIAN_LITTLE)
+		    memcpy(c2, c1, PORT_INT);
+		else
+		    memcpy(c2, c1 + nat_int - PORT_INT, PORT_INT);
+		c1 += sizeof(int);
+		c2 += PORT_INT;
 	    }
 	    if (dig_fwrite(buffer, PORT_INT, cnt, fp) == cnt)
 		return 1;
@@ -831,15 +831,15 @@ int dig__fwrite_port_S(const short *buf,
 	}
 	else {
 	    buf_alloc(cnt * PORT_SHORT);
-	    if (shrt_order == ENDIAN_LITTLE)
-		c1 = (unsigned char *)buf;
-	    else
-		c1 = (unsigned char *)buf + nat_shrt - PORT_SHORT;
+	    c1 = (unsigned char *)buf;
 	    c2 = (unsigned char *)buffer;
 	    for (i = 0; i < cnt; i++) {
-		memcpy(c2, c1, PORT_SHORT);
-		c1 += PORT_SHORT;
-		c2 += sizeof(short);
+		if (shrt_order == ENDIAN_LITTLE)
+		    memcpy(c2, c1, PORT_SHORT);
+		else
+		    memcpy(c2, c1 + nat_shrt - PORT_SHORT, PORT_SHORT);
+		c1 += sizeof(short);
+		c2 += PORT_SHORT;
 	    }
 	    if (dig_fwrite(buffer, PORT_SHORT, cnt, fp) == cnt)
 		return 1;