Opened 19 years ago
Closed 18 years ago
#1460 closed defect (duplicate)
double free in loadSymbolSet
| Reported by: | Owned by: | sdlime | |
|---|---|---|---|
| Priority: | high | Milestone: | |
| Component: | MapServer C Library | Version: | 4.8 |
| Severity: | normal | Keywords: | |
| Cc: |
Description
If loadSymbol fails for some reason, it'll fclose msyyin and returns to
loadSymbolSet, which will try to fclose msyyin once again, which crashes libc
with double free check compiled in(which is default option for Fedora Core 4
for exampel)
But since loadSymbol is only called from loadSymbolSet and loadSymbolSet always
fcloses msyyin, why one should have to bother himself to close msyyin in
loadSymbol. I propose to comment all fclose(msyyin) in loadSymbol.
This can be done applying following patch:
--- mapserver-4.6.1/mapsymbol.orig.c 2005-09-08 10:16:32.000000000 +0400
+++ mapserver-4.6.1/mapsymbol.c 2005-09-08 10:23:03.000000000 +0400
@@ -249,7 +249,7 @@
case(IMAGE):
if(msyylex() != MS_STRING) { /* get image location from next token */
msSetError(MS_TYPEERR, "Parsing error near (%s):(line %d)",
"loadSymbol()", msyylineno);
- fclose(msyyin);
+ /* fclose(msyyin); */
return(-1);
}
@@ -257,7 +257,7 @@
{
msSetError(MS_IOERR, "Parsing error near (%s):(line %d)", "loadSymbol()",
msyytext, msyylineno);
- fclose(msyyin);
+ /* fclose(msyyin); */
return(-1);
}
@@ -296,7 +296,7 @@
if(s->img == NULL) {
msSetError(MS_GDERR, NULL, "loadSymbol()");
- fclose(msyyin);
+ /* fclose(msyyin); */
return(-1);
}
break;
@@ -331,7 +331,7 @@
default:
msSetError(MS_TYPEERR, "Parsing error near (%s):(line %d)",
"loadSymbol()",
msyytext, msyylineno);
- fclose(msyyin);
+ /* fclose(msyyin); */
return(-1);
}
@@ -361,7 +361,7 @@
default:
msSetError(MS_TYPEERR, "Parsing error near (%s):(line %d)",
"loadSymbol()",
msyytext, msyylineno);
- fclose(msyyin);
+ /* fclose(msyyin); */
return(-1);
}
if(done == MS_TRUE)
@@ -386,7 +386,7 @@
default:
msSetError(MS_IDENTERR, "Parsing error near (%s):(line %d)", "loadSymbol()",
msyytext, msyylineno);
- fclose(msyyin);
+ /* fclose(msyyin); */
return(-1);
} /* end switch */
} /* end for */
Attachments (1)
Change History (4)
by , 19 years ago
| Attachment: | mapserver-loadSymbol.patch added |
|---|
comment:1 by , 19 years ago
I think this bug has already reported in Bug #178, I was faced with the same problem when I specified a wrong symbol filename in a symbolset file. At that time I was a novice mapserver user, so I had a hard time trying to figure out what happened to the mapserver. Personally, I adopt this patch to mapserver-4.6.1 right now to avoid a cumbersome "Internal Server Error" in the apache HTTPD server, but I think adopting this patch to the official release would be much better.
comment:2 by , 19 years ago
| Status: | new → assigned |
|---|---|
| Version: | 4.6 → 4.8 |
It'll make it into 4.8 which is due in beta in about 10 days... Steve
comment:3 by , 18 years ago
| Resolution: | → duplicate |
|---|---|
| Status: | assigned → closed |
This is a duplicate of 178. loadSymbol shouldn't close anyfiles that is doesn't open. My guess is this is a result of a careless cut and paste by me when I made it possible to embed symbols in the mapfile independent of the symbolset. I have removed all of the fclose(msyyin) lines... Steve *** This bug has been marked as a duplicate of 178 ***
Note:
See TracTickets
for help on using tickets.
patch that fixes double close problem in loadSymbol/loadSymbolset