Opened 18 years ago

Closed 18 years ago

#1565 closed defect (fixed)

segfaults when removing/copying styles

Reported by: sgillies@… Owned by: sdlime
Priority: high Milestone: 4.8 release
Component: MapServer C Library Version: 4.8
Severity: critical Keywords:
Cc:

Description

I ran the Python mapscript test suite today and hit a segfault when removing a
style from a class.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -151074304 (LWP 25897)]
0x0057d6f9 in free () from /lib/tls/libc.so.6
(gdb) where
#0  0x0057d6f9 in free () from /lib/tls/libc.so.6
#1  0x00bae735 in msFree () from ../../build/lib.linux-i686-2.3/_mapscript.so
#2  0x00bfb60d in msCopyStyle ()
   from ../../build/lib.linux-i686-2.3/_mapscript.so
#3  0x00c1407d in msRemoveStyle ()
   from ../../build/lib.linux-i686-2.3/_mapscript.so
#4  0x00b59703 in _wrap_classObj_removeStyle (self=0x0, args=0x9a624ac)

Change History (4)

comment:1 by sgillies@…, 18 years ago

Milestone: 4.8 release
Severity: normal → critical
Steve, other than the changes you made recently to msCopyStyle, I can't think of
what could be the cause. I did roll those back to no avail. Have you changed the
way you initialize styles?

comment:2 by sdlime, 18 years ago

Hey Sean: I've not touched the styleObj other than those couple of changes to
the freeing code. Do you have any more specific debugging information?

Steve

comment:3 by sgillies@…, 18 years ago

Steve, here's a trace with line numbers:

[sean@lenny cases]$ gdb python
GNU gdb Red Hat Linux (6.0post-0.20040223.19rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db
library "/lib/tls/libthread_db.so.1".

(gdb) run styletest.py
Starting program: /usr/local/bin/python styletest.py
[Thread debugging using libthread_db enabled]
[New Thread -151074304 (LWP 5946)]
..........
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -151074304 (LWP 5946)]
0x0017620c in _int_free () from /lib/tls/libc.so.6
(gdb) where
#0  0x0017620c in _int_free () from /lib/tls/libc.so.6
#1  0x0017773b in free () from /lib/tls/libc.so.6
#2  0x003ec735 in msFree (p=0x48) at mapfile.c:192
#3  0x0043960d in msCopyStyle (dst=0x22d780, src=0x40b978) at mapcopy.c:416
#4  0x0045207d in msRemoveStyle (class=0x9900278, nStyleIndex=1)
    at classobject.c:163
#5  0x00397703 in _wrap_classObj_removeStyle (self=0x0, args=0xf6fa208c)
    at mapscript_wrap.c:2160

mapcopy.c:416 is the end of msCopyStyle. Maybe the macros are hiding something.
This particular problem is new since the first beta or maybe a little bit before.

comment:4 by sdlime, 18 years ago

Resolution: fixed
Status: new → closed
We were freeing a potentially NULL pointer. Easy fix once found.

Steve
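An added C illustration of the copy-then-free pattern the traces above go through (msRemoveStyle shifting styles down by copying, msCopyStyle releasing the destination's old members through msFree). This is example code written for this page, not MapServer's own; the style_t struct, its field names and every function here are hypothetical. The two habits it demonstrates are the ones that keep such a free from crashing: the free wrapper tolerates NULL, and every destination object is initialised to NULL pointers before anything copies into it, so the release inside the copy never sees uninitialised memory or a dangling pointer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a style object: two heap-owned strings and a
 * scalar.  Illustration only, not MapServer's styleObj. */
typedef struct {
    char *symbolname;
    char *rangeitem;
    int   size;
} style_t;

/* NULL-tolerant free in the spirit of msFree.  free(NULL) is already a
 * no-op in C; the real protection is that every pointer handed here is
 * either NULL or a live heap pointer, never uninitialised memory. */
static void safe_free(void *p)
{
    if (p != NULL)
        free(p);
}

/* Portable strdup (malloc + memcpy) so no POSIX feature macro is needed. */
static char *dup_str(const char *s)
{
    size_t n = strlen(s) + 1;
    char *d = malloc(n);
    if (d != NULL)
        memcpy(d, s, n);
    return d;
}

/* Every pointer member starts as NULL, so the first copy into this object
 * can safely release its "previous" contents. */
static void style_init(style_t *s)
{
    s->symbolname = NULL;
    s->rangeitem  = NULL;
    s->size       = 0;
}

/* Release owned strings and return to the initialised state, so a later
 * free or copy is still safe (no dangling pointers left behind). */
static void style_free(style_t *s)
{
    safe_free(s->symbolname);
    safe_free(s->rangeitem);
    style_init(s);
}

/* Copy src into dst, releasing what dst owned.  dst must have passed
 * through style_init or style_free; copying into a never-initialised
 * object is exactly the case where the free in here sees garbage. */
static int style_copy(style_t *dst, const style_t *src)
{
    safe_free(dst->symbolname);
    dst->symbolname = src->symbolname ? dup_str(src->symbolname) : NULL;
    if (src->symbolname != NULL && dst->symbolname == NULL)
        return -1;
    safe_free(dst->rangeitem);
    dst->rangeitem = src->rangeitem ? dup_str(src->rangeitem) : NULL;
    if (src->rangeitem != NULL && dst->rangeitem == NULL)
        return -1;
    dst->size = src->size;
    return 0;
}

/* Remove styles[i] from an array of n styles by shifting the tail down one
 * slot, the shape of the removeStyle call in the traces.  Returns the new
 * count, or -1 on allocation failure. */
static int styles_remove(style_t *styles, int n, int i)
{
    if (i < 0 || i >= n)
        return n;
    style_free(&styles[i]);             /* slot i is now NULL-initialised */
    for (int j = i; j < n - 1; j++)
        if (style_copy(&styles[j], &styles[j + 1]) != 0)
            return -1;
    style_free(&styles[n - 1]);         /* last slot was copied down */
    return n - 1;
}

/* Build three styles from constructed sample data, remove the middle one,
 * and render the survivors as "name:size,name:size".  Returns the count. */
static int demo_remove_middle(char *out, size_t outlen)
{
    const char *names[3] = { "circle", "square", "triangle" };
    style_t styles[3];
    int n = -1;
    for (int k = 0; k < 3; k++)
        style_init(&styles[k]);
    for (int k = 0; k < 3; k++) {
        style_t tmp = { (char *)names[k], NULL, k + 1 };
        if (style_copy(&styles[k], &tmp) != 0)
            goto out;
    }
    n = styles_remove(styles, 3, 1);
    if (n == 2)
        snprintf(out, outlen, "%s:%d,%s:%d",
                 styles[0].symbolname, styles[0].size,
                 styles[1].symbolname, styles[1].size);
out:
    for (int k = 0; k < 3; k++)
        style_free(&styles[k]);
    return n;
}

int main(void)
{
    char buf[64] = "";
    int n = demo_remove_middle(buf, sizeof buf);
    printf("%d styles left: %s\n", n, buf);
    return n == 2 ? 0 : 1;
}
```

The point of style_free resetting the object through style_init is that a slot which has been emptied can be copied into or freed again without a double free; the point of safe_free is that a slot which was never populated costs nothing to release. Dropping either habit is how a free inside a copy routine ends up with a pointer like the one in the second trace.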