Hello list-members, hello Fernando Simon
We are using Mapserver with Java/Oracle and found crashes (of the whole VM) in some
calls of layerObj.getFeature(int shapeindex, int tileindex);
As far as I can see, the crashes occur when the queried SDO_Geometry has value
null.
Digging in maporaclespatial.c /msOracleSpatialLayerGetShape:
Line 2155 (in Version 4.10.0)
success = TRY( hand, OCIDefineByPos( dthand->stmthp, &items[i], .....
(where i is index over selected columns)
The array "items" is allocated and initialized with only one element. Therefore
&items[i] is a pointer to arbitrary memory for i > 0. This seems to cause the crash.
Changed the code in the obvious way:
- items declared as
OCIDefine **items;
- allocation:
items = calloc(sizeof(OCIDefine*),layer->numitems);
The crashes we detected disappeared. No harmful side-effects found.
Cleaning of the allocated memory is still needed. (As far as I can see memory
cleaning is also missing for the variable nullind.)
Same problem in msOracleSpatialLayerGetExtent.
Greetings
Benedikt
PS: My patch-suggestion uses alloca: Since msOracleSpatialLayerGetShape has
several return-statements, cleaning up memory would be laborious with free:
int msOracleSpatialLayerGetShape( layerObj *layer, shapeObj *shape, long record )
{
  char query_str[6000], table_name[2000], geom_column_name[100], unique[100], srid[100];
  int success, i;
  int function = 0;
  int version = 0;
  OCIDefine *adtp = NULL;
  OCIDefine **items = NULL;
  SDOGeometryObj *obj = NULL;
  SDOGeometryInd *ind = NULL;
  sb2 *nullind = NULL;
  msOracleSpatialLayerInfo *layerinfo = (msOracleSpatialLayerInfo *)layer->layerinfo;
  msOracleSpatialDataHandler *dthand = NULL;
  msOracleSpatialHandler *hand = NULL;

  shape->type = MS_SHAPE_NULL;

  if (layer->debug)
    msDebug("msOracleSpatialLayerGetShape was called. Using the record = %ld.\n", record);

  if (layerinfo == NULL)
  {
    msSetError( MS_ORACLESPATIALERR, "msOracleSpatialLayerGetShape called on unopened layer","msOracleSpatialLayerGetShape()" );
    return MS_FAILURE;
  }
  else
  {
    dthand = (msOracleSpatialDataHandler *)layerinfo->oradatahandlers;
    hand = (msOracleSpatialHandler *)layerinfo->orahandlers;
  }

  /* allocate enough space for items */
  if (layer->numitems > 0)
  {
    layerinfo->items_query = (item_text_array_query *)malloc( sizeof(item_text_array_query) * (layer->numitems) );
    /* one null indicator per selected column */
    nullind = (sb2 *)alloca( sizeof(sb2) * (layer->numitems) );
    memset(nullind ,0, sizeof(sb2) * (layer->numitems) );
    if (layerinfo->items_query == NULL)
    {
      msSetError( MS_ORACLESPATIALERR, "Cannot allocate items buffer", "msOracleSpatialLayerGetShape()" );
      return MS_FAILURE;
    }
    /* one define handle slot per selected column, so &items[i] is valid for every i */
    items = (OCIDefine **)alloca(sizeof(OCIDefine *)*layer->numitems);
    memset(items ,0,sizeof(OCIDefine *)*layer->numitems);
  }
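
A heap-based variant of the per-column allocation discussed in this message, added here as an example that is not part of the original post or of MapServer: one slot per column for both arrays, with a single cleanup label so every return path frees them. The OCI types are stand-ins, and `fake_define_by_pos`, `define_items`, `fail_at` and the `DEMO_*` codes are hypothetical names used only to make it run without Oracle.

```c
#include <stdint.h>
#include <stdlib.h>

/* Stand-ins for the OCI types (assumption; the real ones come from oci.h). */
typedef struct OCIDefine OCIDefine;
typedef int16_t sb2;

#define DEMO_OK   0
#define DEMO_FAIL 1

/* Hypothetical stand-in for OCIDefineByPos(): like the real call, it writes
 * a define handle through the slot pointer it is handed. */
static int fake_define_by_pos(OCIDefine **slot, sb2 *ind, int pos)
{
    static char handles[64];          /* constructed dummy handle storage */
    if (pos < 0 || pos >= 64) return 0;
    *slot = (OCIDefine *)&handles[pos];
    *ind = 0;
    return 1;
}

/* Defines numitems columns. fail_at simulates an OCI error at that column
 * (-1 = none). *defined receives the number of columns defined. */
int define_items(int numitems, int fail_at, int *defined)
{
    OCIDefine **items = NULL;
    sb2 *nullind = NULL;
    int status = DEMO_FAIL, i;

    *defined = 0;
    if (numitems <= 0) return DEMO_OK;   /* nothing allocated yet */

    /* calloc(nmemb, size) zeroes the arrays and checks the multiplication;
     * unlike alloca, an oversized request fails cleanly with NULL. */
    items = calloc((size_t)numitems, sizeof *items);
    nullind = calloc((size_t)numitems, sizeof *nullind);
    if (items == NULL || nullind == NULL) goto cleanup;

    for (i = 0; i < numitems; i++) {
        /* &items[i] now always points inside the allocated array */
        if (i == fail_at || !fake_define_by_pos(&items[i], &nullind[i], i))
            goto cleanup;
        (*defined)++;
    }
    status = DEMO_OK;

cleanup:                              /* shared exit: frees both arrays */
    free(items);
    free(nullind);
    return status;
}
```
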