Crash possible from stale pointer in FdoGeometry object

[gavincramer]

Create a geometry object that inherits from FdoIGeometry (e.g. FdoILineString). Do not release the geometry object, but initiate shutting down the thread. Then release the geometry object. There may be a crash. It is very rare, but can happen.

This occurs because the geometry object has a lightweight pointer to the geometry factory that created it. This pointer is supposed to be NULL under normal circumstances. It should only be non-NULL when calling code specifically asks for a factory with a private object pool. However, the non-NULL case is always in effect. The default factory, in thread-local-storage, could be released first during thread shut-down.

This is a straightforward coding oversight. When there is no private object pool, the geometry objects should have no connection to a factory. The "Create..." methods in FdoFgfGeometryFactory need to be changed to pass NULL instead of 'this' when there is no private object pool. Some geometry object code also has obsolete NULL checks that need to be removed, since NULL is a valid value.

[gavincramer]

Fixed in trunk by:

Revision: 3692 Author: gavincramer Date: 3:08:04 PM, Wednesday, January 09, 2008 Message: FDO214 Crash possible from stale pointer in FdoGeometry object

---

Modified : /trunk/Fdo/Unmanaged/Src/Geometry/Fgf/CurveString.cpp Modified : /trunk/Fdo/Unmanaged/Src/Geometry/Fgf/GeometryFactory.cpp Modified : /trunk/Fdo/Unmanaged/Src/Geometry/Fgf/MultiCurvePolygon.cpp Modified : /trunk/Fdo/Unmanaged/Src/Geometry/Fgf/MultiGeometry.cpp Modified : /trunk/Fdo/Unmanaged/Src/Geometry/Fgf/MultiLineString.cpp Modified : /trunk/Fdo/Unmanaged/Src/Geometry/Fgf/MultiPoint.cpp Modified : /trunk/Fdo/Unmanaged/Src/Geometry/Fgf/MultiPolygon.cpp Modified : /trunk/Fdo/Unmanaged/Src/Geometry/Fgf/Point.cpp