Ticket #1031 (closed defect: fixed)

Opened 9 years ago

Last modified 9 years ago

mapwms.c - pszMetadataName used uninitialized?

Reported by: warmerdam Owned by: mapserverbugs
Priority: high Milestone: 4.4 release
Component: WMS Server Version: 4.3
Severity: normal Keywords:
Cc:

Description 

In msDumpLayer() it seems that in at least some uses pszMetadataName *must*
be uninitialized and dangerous. 

For example this code shows all uses of pszMetadataName in the first section
of the function.  In the msOWSPrintEncodeMetadata() call it must be initialized,
whether completely, or pointing to already freed information.   Since I am not
sure of some of the intent I will leave it to the real maintainers to fix. 

   char *pszMetadataName;
...
   if (pszStyle)
   {
       pszMetadataName = (char*)malloc(strlen(pszStyle)+205);
       sprintf(pszMetadataName, "style_%s_legendurl_href", pszStyle);
       pszLegendURL = msOWSLookupMetadata(&(lp->metadata), "MO", pszMetadataName);
       msFree(pszMetadataName);
       
   }
   else
     pszStyle = "default";

       
   if(nVersion <= OWS_1_0_0 && pszLegendURL)
   {
       // First, print the style block
       fprintf(stdout, "        <Style>\n");
       fprintf(stdout, "          <Name>%s</Name>\n", pszStyle);
       fprintf(stdout, "          <Title>%s</Title>\n", pszStyle);

          
       // Inside, print the legend url block
       msOWSPrintEncodeMetadata(stdout, &(lp->metadata), "MO", 
                                pszMetadataName,
                                OWS_NOERR, 
                                "          <StyleURL>%s</StyleURL>\n", 
                                NULL);

       // close the style block
       fprintf(stdout, "        </Style>\n");
   }

Change History

Changed 9 years ago by assefa 

fixing this.

Changed 9 years ago by assefa

  • status changed from new to closed
  • resolution set to fixed
  • milestone set to 4.4 release 
Fixed.
Note: See TracTickets for help on using tickets.