Opened 11 years ago

Closed 11 years ago

#2215 closed defect (fixed)

Gosmore crashes on some very large id

Reported by: Lambertus Owned by: ddean@…
Priority: major Milestone:
Component: gosmore Version:
Keywords: gosmore crash buffer overflow element id Cc:


Gosmore crashes while rebuilding a database using an Eurasia split made with Osmosis. This happens when two elements which contain some id (don't know what) get concatenated using sprintf. One of the id's gets too big and a buffer overflow occurs.

The error occurs on line 1266: char str[21]; sprintf (str, "%d %d", member[0], member[1]);

The error can be prevented when the str variable is declared with 22 bytes heap space.

Change History (1)

comment:1 Changed 11 years ago by Lambertus

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.