Opened 16 years ago

Closed 16 years ago

#2252 closed defect (fixed)

gdalwarp crash when converting to UTM coordinates (v 1.5.0)

Reported by: emiller Owned by: warmerdam
Priority: normal Milestone: 1.5.1
Component: Utilities Version: 1.5.0
Severity: normal Keywords: UTM gdalwarp crash win32
Cc:

Description

InsertCenterLong tries to delete poExt twice, once when it goes out of scope and once as part of oSRS when oSRS goes out of scope.

Can be fixed by modifying one line: oSRS.GetRoot()->AddChild( poExt ); -> oSRS.GetRoot()->AddChild( poExt->Clone() );

Change History (2)

comment:1 by emiller, 16 years ago

InsertCenterLong? tries to delete poExt twice, once when it goes out of scope and once as part of oSRS when oSRS goes out of scope.

Can be fixed by modifying one line: oSRS.GetRoot?()->AddChild?( poExt ); -> oSRS.GetRoot?()->AddChild?( poExt->Clone() );

comment:2 by warmerdam, 16 years ago

Component: defaultUtilities
Keywords: win32 added
Milestone: 1.5.1
Resolution: fixed
Status: newclosed
Version: unspecified1.5.0

Eric,

I have reviewed the code:

/* -------------------------------------------------------------------- */
/*      Insert center long.                                             */
/* -------------------------------------------------------------------- */
    OGRSpatialReference oSRS( osWKT );
    double dfCenterLong = (dfMaxLong + dfMinLong) / 2.0;
    OGR_SRSNode *poExt;

    poExt  = new OGR_SRSNode( "EXTENSION" );
    poExt->AddChild( new OGR_SRSNode( "CENTER_LONG" ) );
    poExt->AddChild( new OGR_SRSNode( CPLString().Printf("%g",dfCenterLong) ));
    
    oSRS.GetRoot()->AddChild( poExt );

/* -------------------------------------------------------------------- */
/*      Convert back to wkt.                                            */
/* -------------------------------------------------------------------- */
    char *pszWKT = NULL;
    oSRS.exportToWkt( &pszWKT );
    
    osWKT = pszWKT;
    CPLFree( pszWKT );

    return osWKT;
}

The poExt is just a pointer, and it's falling out of scope does *not* result in it's being destroyed. I am guessing you are running into the "mixed heaps" problem on windows. That is, the new is evaluated in gdalwarp's heap, but the delete takes place in the GDAL DLL's heap.

I have corrected this with the clone you suggest (so the node passed to AddChild() is allocated in the dll, and also an explicit delete of the copy managed by GDAL.

Fixed in trunk (r13896) and 1.5 branch (r13897).

Note: See TracTickets for help on using tickets.