Skip to content

Commit a791f70

Browse files
rouaultrouault
committed
HDF4-EOS: fix 2 heap-buffer-overflow
Fixes #14378 Fixes #14379
1 parent 58fce44 commit a791f70

5 files changed

Lines changed: 36 additions & 4 deletions

File tree

autotest/gcore/data/hdf4/issue_14378.he4

3.15 KB
Binary file not shown.

autotest/gcore/data/hdf4/issue_14379.he4

3.06 KB
Binary file not shown.

autotest/gcore/hdf4_read.py

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -619,3 +619,27 @@ def test_hdf4_gh_14363():
619619
pytest.skip()
620620

621621
gdal.Open("data/hdf4/issue_14363.he4")
622+
623+
624+
###############################################################################
625+
# Test bugfix for https://github.com/OSGeo/gdal/issues/14378
626+
627+
628+
def test_hdf4_gh_14378():
629+
630+
if gdaltest.hdf4_drv is None:
631+
pytest.skip()
632+
633+
gdal.Open("data/hdf4/issue_14378.he4")
634+
635+
636+
###############################################################################
637+
# Test bugfix for https://github.com/OSGeo/gdal/issues/14379
638+
639+
640+
def test_hdf4_gh_14379():
641+
642+
if gdaltest.hdf4_drv is None:
643+
pytest.skip()
644+
645+
gdal.Open("data/hdf4/issue_14379.he4")

frmts/hdf4/hdf-eos/GDapi.c

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1753,8 +1753,12 @@ GDfieldinfo(int32 gridID, const char *fieldname, int32 * rank, int32 dims[],
17531753

17541754
if (statmeta == 0)
17551755
{
1756-
memmove(utlstr, utlstr + 1, strlen(utlstr) - 2);
1757-
utlstr[strlen(utlstr) - 2] = 0;
1756+
const size_t len = strlen(utlstr);
1757+
if (len >= 2 && utlstr[0] == '(' && utlstr[len-1] == ')')
1758+
{
1759+
memmove(utlstr, utlstr + 1, len - 2);
1760+
utlstr[len - 2] = '\0';
1761+
}
17581762

17591763
/* Parse trimmed DimList string and get rank */
17601764
ndims = EHparsestr(utlstr, ',', ptr, slen);

frmts/hdf4/hdf-eos/SWapi.c

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1301,8 +1301,12 @@ SWfinfo(int32 swathID, const char *fieldtype, const char *fieldname,
13011301

13021302
if (statmeta == 0)
13031303
{
1304-
memmove(utlstr, utlstr + 1, strlen(utlstr) - 2);
1305-
utlstr[strlen(utlstr) - 2] = 0;
1304+
const size_t len = strlen(utlstr);
1305+
if (len >= 2 && utlstr[0] == '(' && utlstr[len-1] == ')')
1306+
{
1307+
memmove(utlstr, utlstr + 1, len - 2);
1308+
utlstr[len - 2] = '\0';
1309+
}
13061310

13071311
/* Parse trimmed DimList string and get rank */
13081312
ndims = EHparsestr(utlstr, ',', ptr, slen);

0 commit comments

Comments
 (0)