Opened 13 years ago
Closed 13 years ago
#541 closed defect/bug (fixed)
an integer overflow in clip_line_code can cause infinite loop
| Reported by: | timo lindfors | Owned by: | KaZeR |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | core | Version: | git master |
| Severity: | | Keywords: | |
| Cc: | | | |
Description
Steps to reproduce:
1) wget http://downloads.cloudmade.com/europe/finland/finland.osm.bz2
2) bunzip2 finland.osm.bz2
3) osm2navit -i finland.osm finland.bin

Expected results:
3) osm2navit creates finland.bin

Actual results:
3) osm2navit does not exit.

More info:
1) It seems that if clip_line_code is called with

    *p1 = {x = 2812500, y = 9466386}
    *r = {l = {x = 2851562, y = 9492187}, h = {x = 2890625, y = 9531250}}
    *p2 = {x = 2862940, y = 9531250}

an integer overflow will happen on line

    p1->y+=(r->l.x-p1->x)*dy/dx;

since (2851562 - 2812500) * 64864 is larger than 2**31 and thus overflows and results in a negative value.
2) One solution seems to be to make dx and dy of type "long long".
3) I am using the debian testing maptool package 0.2.0~svn2897+dfsg.1-1 on amd64.
Change History (1)
comment:1 Changed 13 years ago by kazer
- Resolution set to fixed
- Status changed from new to closed
Fixed in rev 2944. Thank you!
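The arithmetic from the ticket description, worked through as an added example (this is not Navit's code): it evaluates the reported expression with 32-bit and with 64-bit intermediates on the reported coordinates. The struct layout, function names and constants are hypothetical; only the coordinate values and the expression come from the ticket.

```c
#include <stdint.h>
#include <stdio.h>

struct coord { int32_t x, y; };   /* hypothetical stand-in for the ticket's point type */

/* Values reported in the ticket: *p1, *p2 and r->l.x */
static const struct coord P1 = { 2812500, 9466386 };
static const struct coord P2 = { 2862940, 9531250 };
static const int32_t EDGE_X = 2851562;

/* p1->y + (r->l.x - p1->x) * dy / dx with 32-bit intermediates.
 * Signed overflow is undefined behaviour in C, so the wrap is modelled
 * with unsigned arithmetic; the cast back to int32_t wraps on gcc/clang. */
static int32_t step_y_32(struct coord p1, struct coord p2, int32_t edge_x)
{
    int32_t dx = p2.x - p1.x, dy = p2.y - p1.y;
    uint32_t prod = (uint32_t)(edge_x - p1.x) * (uint32_t)dy;  /* mod 2^32 */
    return p1.y + (int32_t)prod / dx;
}

/* Same expression with dx and dy widened to long long, as the reporter suggests. */
static int32_t step_y_64(struct coord p1, struct coord p2, int32_t edge_x)
{
    long long dx = (long long)p2.x - p1.x, dy = (long long)p2.y - p1.y;
    return (int32_t)(p1.y + (edge_x - p1.x) * dy / dx);
}

/* Portable check: does a * b fall outside the int32_t range? */
static int mul_overflows_int32(int32_t a, int32_t b)
{
    int64_t wide = (int64_t)a * (int64_t)b;
    return wide > INT32_MAX || wide < INT32_MIN;
}

int main(void)
{
    int32_t dy = P2.y - P1.y;   /* 64864, as quoted in the ticket */
    printf("product overflows int32: %d\n", mul_overflows_int32(EDGE_X - P1.x, dy));
    printf("y with 32-bit product:   %d\n", (int)step_y_32(P1, P2, EDGE_X));
    printf("y with 64-bit product:   %d\n", (int)step_y_64(P1, P2, EDGE_X));
    return 0;
}
```

With the 32-bit product the new y lands below r->l.y (9492187), while the 64-bit result falls between r->l.y and r->h.y.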