Opened 18 years ago

Closed 18 years ago

Last modified 18 years ago

#1513 closed defect (fixed)

Passing file handles to GD functions may cause unhandled exception on Windows

Reported by: szekerest
Owned by: warmerdam
Priority: high
Milestone:
Component: MapServer C Library
Version: 4.6
Severity: major
Keywords:
Cc:

Description

Passing file handles to GD functions may cause unhandled exception on Windows.
As a sample scenario, when placing the file name of the image symbol (gif or
png) into the map file instead of the symbol definition file, an unhandled
exception occurs in mapsymbol.c, line 517.

call stack:

  ntdll.dll!RtlpWaitForCriticalSection()  + 0x8a
  ntdll.dll!RtlEnterCriticalSection()  + 0x46
  bgd.dll!gdNewFileCtx@4()  + 0xe6
  bgd.dll!gdImageGd2Ptr@16()  + 0x3e6
  bgd.dll!gdImageCreateFromPngCtx@4()  + 0x5b
  bgd.dll!gdImageCreateFromPng@4()  + 0x27
> libmap.dll!msAddImageSymbol(symbolSetObj * symbolset=0x00cfa188, char * filename=0x003ffc18)  Line 517 + 0xd C
  libmap.dll!msGetSymbolIndex(symbolSetObj * symbols=0x00cfa188, char * name=0x003ffc18, int try_addimage_if_notfound=1)  Line 326 + 0xd C
  libmap.dll!loadMapInternal(char * filename=0x00cf9c90, char * new_mappath=0x00000000)  Line 4347 + 0x48 C
  libmap.dll!msLoadMap(char * filename=0x00cf9c90, char * new_mappath=0x00000000)  Line 4499 + 0xd C
  mapserv.exe!00401728()
  msvcr71.dll!_nh_malloc(unsigned int size=0, int nhFlag=0)  Line 113 C
  mapserv.exe!0040473e()
  ntdll.dll!RtlCreateHeap()  + 0x1046
  ntdll.dll!LdrShutdownThread()  + 0x20a4
  ffff3085()

This issue could be fixed by replacing gdImageCreateFromXXX(stream) with the
corresponding gdImageCreateFromXXXCtx(ctx) in the mapserver code.

Compiling bgd.dll and libmap.dll with the same compiler version using /MD
could also help to eliminate this problem.

Tamas Szekeres

Attachments (1)

mapsymbol.c (32.5 KB) - added by szekerest 18 years ago.
a possible solution


Change History (9)

comment:1 by fwarmerdam, 18 years ago

Cc: warmerdam@… added

comment:2 by sdlime, 18 years ago

> This issue could be fixed by replacing gdImageCreateFromXXX(stream) with the
> corresponding gdImageCreateFromXXXCtx(ctx) in the mapserver code.

Has this been tested and verified to work?

Steve

comment:3 by fwarmerdam, 18 years ago

This general approach should work Steve.  If you like, you can reassign this
bug to me, and I will try to do it this week so the fix will be in beta2. 


by szekerest, 18 years ago

Attachment: mapsymbol.c added

a possible solution

comment:4 by sdlime, 18 years ago

Owner: changed from sdlime to fwarmerdam

Is mapscript affected by this (or does it just wrap the code in question)?
Reassigning to Frank...

comment:5 by szekerest, 18 years ago


mapogcsld.c
mapraster.c
mapsymbol.c
sym2img.c
image.i (line 98)

are candidates to suffer from this issue.


Tamas Szekeres


comment:6 by szekerest, 18 years ago


May I expect that at least the following modifications will be done in any of
the upcoming releases? Without this I shall have to make them manually to have
mapserver work.

In mapsymbol.c

line 471
char bytes[8], szPath[MS_MAXPATHLEN];
> gdIOCtx *ctx;

line 510

#ifdef USE_GD_GIF
< symbolset->symbol[i].img = gdImageCreateFromGif(stream);

>ctx = msNewGDFileCtx(stream);
>    symbolset->symbol[i].img = gdImageCreateFromGifCtx(ctx);
>    ctx->gd_free(ctx);
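
Review bot: ctx is dereferenced in ctx->gd_free(ctx) with no check that msNewGDFileCtx(stream) returned a usable context, so if that call can return NULL (for example on allocation failure) the GIF branch crashes here instead of reporting an unreadable symbol. Test ctx right after the msNewGDFileCtx call and skip both gdImageCreateFromGifCtx and the free when it is NULL, leaving symbol[i].img unset so the normal error path runs.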
    
line 521

#ifdef USE_GD_PNG
< symbolset->symbol[i].img = gdImageCreateFromPng(stream);

>ctx = msNewGDFileCtx(stream);
>	symbolset->symbol[i].img = gdImageCreateFromPngCtx(ctx);
>    ctx->gd_free(ctx);
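
Review bot: the three added lines in the PNG branch repeat the wrap/decode/free sequence of the GIF branch with only the decoder name changed, and they mix indentation (none on the ctx assignment, a tab on the gdImageCreateFromPngCtx line, spaces on gd_free). Consider one small helper that takes the stream and the decoder function and returns the image, so the context handling and any NULL check live in one place, and indent the lines consistently with the surrounding file.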
 

comment:7 by fwarmerdam, 18 years ago

Resolution: fixed
Status: new → closed

Tamas,

I have applied and verified your fix.  I have also introduced
a test in msautotest/misc/rast_symbol.map for this issue. 

The fix should be in beta3.  Sorry for sitting on this so long. 

comment:8 by fwarmerdam, 18 years ago

Unfortunately, I neglected to commit the actual fix till today.  It should
be in 4.8.0 final.
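
The fix discussed in this ticket keeps the FILE* on the caller's side and hands the decoder a table of I/O callbacks instead of the stream. That pattern as an added example, not MapServer's or libgd's code: ioCtx is a reduced stand-in for gdIOCtx, and new_file_ctx, decoder_sees_png, load_symbol and sample_stream are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the read side of libgd's gdIOCtx (assumption: reduced to two callbacks). */
typedef struct ioCtx {
    int  (*getBuf)(struct ioCtx *, void *, int);
    void (*gd_free)(struct ioCtx *);
} ioCtx;
/* Hypothetical wrapper; ctx is the first member so an ioCtx* casts back to it. */
typedef struct { ioCtx ctx; FILE *f; } fileCtx;

/* These run in the caller's module, so only the caller's C runtime touches the FILE*. */
static int file_getBuf(ioCtx *c, void *buf, int n) {
    return (int)fread(buf, 1, (size_t)n, ((fileCtx *)c)->f);
}
static void file_free(ioCtx *c) { free(c); } /* stream stays open: the caller owns it */

ioCtx *new_file_ctx(FILE *f) {
    fileCtx *fc = f ? malloc(sizeof *fc) : NULL;
    if (fc == NULL) return NULL;
    fc->ctx.getBuf = file_getBuf;
    fc->ctx.gd_free = file_free;
    fc->f = f;
    return &fc->ctx;
}

/* Stand-in for a decoder living in another DLL: it sees callbacks, never a FILE*. */
int decoder_sees_png(ioCtx *c) {
    static const unsigned char sig[8] = {0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};
    unsigned char hdr[8];
    return c->getBuf(c, hdr, 8) == 8 && memcmp(hdr, sig, 8) == 0;
}

/* Caller side: wrap, check the wrapper, decode, release. Returns -1 if wrapping fails. */
int load_symbol(FILE *stream) {
    ioCtx *ctx = new_file_ctx(stream);
    int ok;
    if (ctx == NULL) return -1;
    ok = decoder_sees_png(ctx);
    ctx->gd_free(ctx);
    return ok;
}
/* Constructed sample input: a temp file holding a PNG signature or plain text. */
FILE *sample_stream(int png) {
    FILE *f = tmpfile();
    if (f == NULL) return NULL;
    fputs(png ? "\x89PNG\r\n\x1a\n" : "SYMBOLSET", f);
    rewind(f);
    return f;
}
```

Because file_free releases only the wrapper, the code that opened the stream still closes it with its own fclose.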