Steema Issues Database

Note: This database is for bugs and wishes only. For technical support help, if you are a customer please visit our online forums;
otherwise you can use StackOverflow.
Before using this bug-tracker we recommend a look at this document, Steema Bug Fixing Policy.



Bug 495 - Buffer overrun in TSeriesBandTool.DrawBandTool
Summary: Buffer overrun in TSeriesBandTool.DrawBandTool
Status: RESOLVED WORKSFORME
Alias: None
Product: VCL TeeChart
Classification: Unclassified
Component: Series (show other bugs)
Version: unspecified
Hardware: PC Windows
: --- major
Target Milestone: ---
Assignee: Steema Issue Manager
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-12-03 00:38 EST by Marc Durdin
Modified: 2013-12-04 08:20 EST (History)
1 user (show)

See Also:
Chart Series: ---
Delphi / C++ Builder RAD IDE Version:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marc Durdin 2013-12-03 00:38:13 EST 
The TSeriesBandTool.DrawBandTool function has a buffer overrun when it writes to the tmpPoints array.  Specifically, the length of the array is short by 2, 3, or 4 values.

The following code increments the length of the array, but then is not checked correctly when starting the iteration:

      // First point outside chart
      if Series.DrawBetweenPoints and (Series.FirstValueIndex>0) then
         Inc(l1);

 ...

         tmpMax:=Math.Max(0,Series.FirstValueIndex-1);

The fix should either be:

a) test for Series.DrawBetweenPoints when calculating tmpMax; or
b) don't test for Series.DrawBetweenPoints when calculating l1.

And the same fix must be applied for Series2.DrawBetweenPoints/l2.

I not not entirely clear on which is the appropriate solution, as I don't understand the reasoning behind the initial check for Series.DrawBetweenPoints.
Comment 1 david berneda 2013-12-04 08:20:37 EST 
This problem should be fixed in latest sources.
Can you attach here a test project?

In the latest version, DrawBandTool had been changed quite a bit and there shouldn't be any overrun.

Also, the series DrawBetweenPoints property is no longer used.

(DrawBetweenPoints is True for series that need to paint in-between one point and the next point, like Line or Area series).