Commit 8a7f62ed authored by Laurent Rineau's avatar Laurent Rineau

Fix ASAN error use-after-free in vtkSEPReader

The previous implementation os vtkSEPReader had a use-after-free.

The function `vtkSEPReader::ReplaceFileName(..)` started with:

```c++
  delete[] this->FileName;
```

And that means that the string pointed by `FileName` was
destroyed. Even if the value of `FileName` was stored in the local
variable `fileName`, in `vtkSEPReader::RequestData`, the string
pointed by it was destroyed!

The patch of this commit is a lot simpler: both the string pointed by
`FileName` and the one that will replace it already exist in memory,
and will not be modified during the run of `RequestData`. So we can
just swap the pointers, without any need to memory
allocation/deallocation to copy the strings.
parent 653fee07
......@@ -84,13 +84,18 @@ int vtkSEPReader::RequestData(vtkInformation *request,
{
// Replace the filename with the data file and delegate the reading of this
// raw data to the underlying vtkImageReader
const char *fileName = this->FileName;
this->ReplaceFileName(this->DataFile.c_str());
char * const fileName = this->FileName;
// This `const_cast` is valid because the `RequestData` of
// `Superclass` does not try to modify the string pointed by
// `FileName`. (It does not modify the pointer `FileName` as well,
// but that is not why the `const_cast` is valid.)
this->FileName = const_cast<char*>(this->DataFile.c_str());
int res = this->Superclass::RequestData(request, inputVector, outputVector);
// Restore the user providen filename (the header file)
this->ReplaceFileName(fileName);
// Restore the user provided filename (the header file)
this->FileName = fileName;
return res;
}
......@@ -210,24 +215,3 @@ int vtkSEPReader::ReadHeader()
return 1;
}
//----------------------------------------------------------------------------
// Replace FileName without calling Modified()
void vtkSEPReader::ReplaceFileName(const char *name)
{
if (this->FileName && name && (!strcmp(this->FileName, name)))
{
return;
}
if (!name && !this->FileName)
{
return;
}
delete[] this->FileName;
this->FileName = nullptr;
if (name)
{
this->FileName = new char[strlen(name) + 1];
strcpy(this->FileName, name);
}
}
......@@ -52,7 +52,6 @@ protected:
int ReadHeader();
void ReplaceFileName(const char* fname);
std::string DataFile;
private:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment