Opened 19 years ago
Closed 13 years ago
#1447 closed defect (fixed)
Missing DEFINE in configure script
Reported by: | Owned by: | mapserverbugs | |
---|---|---|---|
Priority: | high | Milestone: | |
Component: | Build Problems | Version: | 4.6 |
Severity: | normal | Keywords: | |
Cc: |
Description (last modified by )
This problem really touches on two areas, the configure script as well as the code in the Mapserver C library. The problem is that virtually any output through the IMAGEMAP outputformat results in segmentation faults. I encountered the problem in perl Mapscript code, however, I learned that the command line utilities, such as shp2img, exhibit the same behavior. I'm unsure of the scope of the problem.

An investigation of the problem led me to the im_iprintf() routine in the mapmygis.c source. This routine builds an output string by appending new formatted output onto an existing string, allocating memory as necessary to accommodate the growth. The SIGSEGV was being thrown by the realloc() within that routine. This indicated to me that non-allocated memory had been trampled on at some point, causing the realloc() to fail. Due to the nature of this routine I suspected an out-of-bounds memory write so I began searching for the culprit. Here's what I found:

The im_iprintf() routine relies on a call to vsnprintf() or vsprintf() to format and append the new string to the old.

```c
#if defined(HAVE_VSNPRINTF)
    n = vsnprintf((*(ps->string)) + ps->string_len, remaining, fmt, ap);
#else
    n = vsprintf((*(ps->string)) + ps->string_len, fmt, ap);
#endif
```

An examination of the code shows that it is quite possible for the vsprintf() call to write past the allocated boundary, however, I initially dismissed this as being the cause of the problem because I knew that my Debian Linux platform supported vsnprintf(). After some more investigation I realized that vsprintf() was indeed being called. Although it's quite possible that I overlooked it, I just couldn't find a mechanism within the distribution that would properly set HAVE_VSNPRINTF.

To resolve the issue, I added the following line to my configure.in file and re-ran autoconf:

```
AC_CHECK_FUNC(vsnprintf, STRINGS="-DHAVE_VSNPRINTF $STRINGS")
```

This properly detected and set the HAVE_VSNPRINTF value.

This addresses the problem on my platform as the SIGSEGV is no longer thrown, however, if there are platforms that don't support vsnprintf(), then the existing vsprintf() code could lead to problems as it certainly does write outside of the allocated segment. On platforms with good memory protection it will likely just throw SIGSEGV, however, on other platforms it could result in memory corruption. As such, in addition to looking into the 'configure' issue it might be a good idea for someone to review the im_iprintf() routine when using vsprintf().

Allow me to apologize in advance if any of my assumptions or assertions are incorrect (and they very well could be). Thank you to all of the Mapserver/Mapscript developers for your hard work on this fantastic product.

- Rob Parsons
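An added example, not part of the original ticket and not MapServer's code: a bounded append that never writes past the allocation, which is the property the vsprintf() fallback described above lacks. The names `strbuf` and `sb_appendf` are hypothetical, and the code assumes C99 vsnprintf() semantics (the return value is the length that would have been written).

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable string (illustration only, not MapServer's struct). */
typedef struct { char *data; size_t len, cap; } strbuf;

/* Append formatted text, growing the buffer when the bounded write reports
 * truncation. Assumes C99 vsnprintf(): it returns the length it needed.
 * Returns 0 on success, -1 on formatting or allocation failure. */
int sb_appendf(strbuf *sb, const char *fmt, ...)
{
    va_list ap, ap2;
    size_t room = sb->cap - sb->len;   /* 0 while nothing is allocated */
    int n;

    va_start(ap, fmt);
    va_copy(ap2, ap);                  /* each v*printf call consumes its list */
    n = vsnprintf(sb->data ? sb->data + sb->len : NULL, room, fmt, ap);
    va_end(ap);

    if (n >= 0 && (size_t)n >= room) { /* did not fit: grow, then retry */
        size_t need = sb->len + (size_t)n + 1, cap = sb->cap ? sb->cap : 16;
        char *p;
        while (cap < need) cap *= 2;
        p = realloc(sb->data, cap);
        if (p == NULL) {
            if (sb->data) sb->data[sb->len] = '\0'; /* drop the partial write */
            n = -1;
        } else {
            sb->data = p; sb->cap = cap;
            n = vsnprintf(sb->data + sb->len, cap - sb->len, fmt, ap2);
        }
    }
    va_end(ap2);
    if (n < 0) return -1;
    sb->len += (size_t)n;
    return 0;
}

int main(void)
{
    strbuf sb = {NULL, 0, 0};
    for (int i = 0; i < 40; i++)       /* constructed input forcing regrowth */
        sb_appendf(&sb, "<area id=\"%d\" href=\"%s\" />\n", i, "x.html");
    printf("%zu bytes, capacity %zu\n", sb.len, sb.cap);
    free(sb.data);
}
```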
Change History (1)
comment:1 by , 13 years ago
Description: | modified (diff) |
---|---|
Resolution: | → fixed |
Status: | new → closed |
test for HAVE_VSNPRINTF is in configure.in since r5130 (see also #1613)