MapServer crashes in legend mode when works with long templates

[mcoladas@…]

The legend template option MapServer crashes in some cases. I atach a test case to reproduce (mapfile, legend template and url) this problem. The legend template of this test case shows 12 lines of text for layer. When i remove a line in the template MapServer works. It seems that when I put a lot of layers visibles in the legend, or layers with a lot of text content MapServer crashes.

[mcoladas@…]

This file (*.tgz) include a legend template, a mapfile and a url of example

[mcoladas@…]

*** Bug 1945 has been marked as a duplicate of this bug. ***

[nfarrell@…]

I have replicated this bug and investigated a little:

with our map file and legends HTML template, no legend is generated. If many
layers are removed it renders correctly.

Working through the code: in generateLegendTemplate(...), it appears that
strcatalloc() is the problem: when it tries to append a 640byte string to
~6600byte pszResult string, it returns a NULL.

In my case, this occurs on the 10th iteration through the layers in the group,
at the strcatalloc(pszResult, legLayerHtmlCopy) command. 

[nfarrell@…]

Workaround for the legend crash bug

[sdlime]

Reassigning to the owners of the HTML legend code (I have enough bugs at the moment)...

Steve

[dmorissette]

Funny, I remembered about this issue and was surprised to not see this bug on my list yesterday. Taking it.

[dmorissette]

mcoladas, were you getting a crash (i.e. segmentation fault), or just empty output?

Using the map and template attached in test.tgz I found one problem, but it's not a crash: msIO_printf() just silently doesn't print anything because the output would be 8126 bytes which is larger than the 8000 bytes buffer allocated by the function. I have filed ticket #2213 about fixing msIO_printf() to at least produce an error instead of silently doing nothing, but that won't fix our issue with large legends.

I think the fix for the large legend issue will be to use msIO_fwrite() to dump the legend contents instead of msIO_printf(). I'm going to experiment with that now.

[dmorissette]

Fixed in r1946, using msIO_fwrite() instead of msIO_fprintf() to dump the template output.

Note that we had a similar issue with large HTML legends in mode=browse (would result in no/empty legend showing up in the browse template) and I have verified that this is fixed as well.

[dmorissette]

Sorry, typo, the revision with the fix is r6504.

[jparapar]

Daniel:

Thanks for the fix.

We were getting a crash (see  http://lists.umn.edu/cgi-bin/wa?A2=ind0610&L=mapserver-users&T=0&F=&S=&P=29036) but I am not able to reproduce it now (with 4.10 nor 4.10.2 versions).

We have compiled beta 3 and tested it and we have found a new issue, not related to the size of the output html file but related to legend icons of raster layers. I attach (test2.zip) a new test case. If [leg_icon] is dropped from the legend template it works. Here is the valgrind output:

# valgrind ./mapserv5b3 QUERY_STRING='map=/tmp/test2/test2.map&mode=legend&mapext=458350+4613016+704030+4858696&mapsize=350+350&layers=ortofoto' ==22621== Memcheck, a memory error detector. ==22621== Copyright (C) 2002-2006, and GNU GPL'd, by Julian Seward et al. ==22621== Using LibVEX rev 1658, a library for dynamic binary translation. ==22621== Copyright (C) 2004-2006, and GNU GPL'd, by OpenWorks? LLP. ==22621== Using valgrind-3.2.1-Debian, a dynamic binary instrumentation framework. ==22621== Copyright (C) 2000-2006, and GNU GPL'd, by Julian Seward et al. ==22621== For more details, rerun with: -v ==22621== ==22621== Invalid read of size 4 ==22621== at 0x80578A5: processIcon (maptemplate.c:1276) ==22621== by 0x8058584: generateLayerTemplate (maptemplate.c:1691) ==22621== by 0x8059636: generateLegendTemplate (maptemplate.c:2111) ==22621== by 0x8053536: main (mapserv.c:1344) ==22621== Address 0x0 is not stack'd, malloc'd or (recently) free'd ==22621== ==22621== Process terminating with default action of signal 11 (SIGSEGV) ==22621== Access not within mapped region at address 0x0 ==22621== at 0x80578A5: processIcon (maptemplate.c:1276) ==22621== by 0x8058584: generateLayerTemplate (maptemplate.c:1691) ==22621== by 0x8059636: generateLegendTemplate (maptemplate.c:2111) ==22621== by 0x8053536: main (mapserv.c:1344) ==22621== ==22621== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 113 from 1) ==22621== malloc/free: in use at exit: 104,657 bytes in 833 blocks. ==22621== malloc/free: 1,855 allocs, 1,022 frees, 157,440 bytes allocated. ==22621== For counts of detected errors, rerun with: -v ==22621== searching for pointers to 833 not-freed blocks. ==22621== checked 2,943,060 bytes. ==22621== ==22621== LEAK SUMMARY: ==22621== definitely lost: 0 bytes in 0 blocks. ==22621== possibly lost: 1,411 bytes in 70 blocks. ==22621== still reachable: 103,246 bytes in 763 blocks. ==22621== suppressed: 0 bytes in 0 blocks. ==22621== Reachable blocks (those to which a pointer was found) are not shown. ==22621== To see them, rerun with: --show-reachable=yes Violación de segmento

#./mapserv5b3 -v MapServer version 5.0.0-beta3 OUTPUT=GIF OUTPUT=PNG OUTPUT=JPEG OUTPUT=WBMP OUTPUT=SVG SUPPORTS=PROJ SUPPORTS=FREETYPE SUPPORTS=WMS_SERVER SUPPORTS=WMS_CLIENT SUPPORTS=WFS_SERVER SUPPORTS=WFS_CLIENT SUPPORTS=THREADS INPUT=EPPL7 INPUT=POSTGIS INPUT=OGR INPUT=GDAL INPUT=SHAPEFILE

Thanks again Jorge

[jparapar]

Test for a new HTML crash

[dmorissette]

Jorge, this new issue needs its own ticket. I have created #2228 for it.