Opened 18 years ago
Last modified 17 years ago
#1961 closed defect
Oracle-Spatial: Crash — at Initial Version
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | high | Milestone: | 5.0 release |
Component: | Input - Native Oracle Spatial Support | Version: | unspecified |
Severity: | normal | Keywords: | |
Cc: | mapserver@… |
Description
Hello list-members, hello Fernando Simon

We are using Mapserver with Java/Oracle and found crashes (of the whole VM) in some calls of layerObj.getFeature(int shapeindex, int tileindex);

As far as I can see, the crashes occur when the queried SDO_Geometry has value null.

Digging in maporaclespatial.c / msOracleSpatialLayerGetShape:

Line 2155 (in Version 4.10.0)

```c
success = TRY( hand, OCIDefineByPos( dthand->stmthp, &items[i], .....
```

(where i is index over selected columns)

The array "items" is allocated and initialized with only one element. Therefore &items[i] is a pointer to arbitrary memory for i > 0. This seems to cause the crash.

Changed the code in the obvious way:

- items declared as OCIDefine **items;
- allocation: items = calloc(sizeof(OCIDefine*),layer->numitems);

The crashes we detected disappeared. No harmful side-effects found.

Cleaning of the allocated memory is still needed. (As far as I can see, memory cleaning is also missing for the variable nullind.)

Same problem in msOracleSpatialLayerGetExtent.

Greetings
Benedikt

PS: My patch-suggestion uses alloca: Since msOracleSpatialLayerGetShape has several return-statements, cleaning up memory would be laborious with free:

```c
#include <alloca.h>  /* alloca(); declared in <malloc.h> on Windows */

int msOracleSpatialLayerGetShape( layerObj *layer, shapeObj *shape, long record )
{
    char query_str[6000], table_name[2000], geom_column_name[100], unique[100], srid[100];
    int success, i;
    int function = 0;
    int version = 0;
    OCIDefine *adtp = NULL;
    OCIDefine **items = NULL;   /* one define handle per selected column */
    SDOGeometryObj *obj = NULL;
    SDOGeometryInd *ind = NULL;
    sb2 *nullind = NULL;        /* one NULL indicator per selected column */

    msOracleSpatialLayerInfo *layerinfo = (msOracleSpatialLayerInfo *)layer->layerinfo;
    msOracleSpatialDataHandler *dthand = NULL;
    msOracleSpatialHandler *hand = NULL;

    shape->type = MS_SHAPE_NULL;

    if (layer->debug)
        msDebug("msOracleSpatialLayerGetShape was called. Using the record = %ld.\n", record);

    if (layerinfo == NULL)
    {
        msSetError( MS_ORACLESPATIALERR, "msOracleSpatialLayerGetShape called on unopened layer","msOracleSpatialLayerGetShape()" );
        return MS_FAILURE;
    }
    else
    {
        dthand = (msOracleSpatialDataHandler *)layerinfo->oradatahandlers;
        hand = (msOracleSpatialHandler *)layerinfo->orahandlers;
    }

    /* allocate enough space for items */
    if (layer->numitems > 0)
    {
        layerinfo->items_query = (item_text_array_query *)malloc( sizeof(item_text_array_query) * (layer->numitems) );
        /* stack allocations are released automatically on every return path */
        nullind = (sb2 *)alloca( sizeof(sb2) * (layer->numitems) );
        memset(nullind ,0, sizeof(sb2) * (layer->numitems) );
        if (layerinfo->items_query == NULL)
        {
            msSetError( MS_ORACLESPATIALERR, "Cannot allocate items buffer", "msOracleSpatialLayerGetShape()" );
            return MS_FAILURE;
        }
        items = (OCIDefine **)alloca(sizeof(OCIDefine *)*layer->numitems);
        /* memset takes three arguments: the byte count is element size times numitems */
        memset(items ,0,sizeof(OCIDefine *)*layer->numitems);
    }
```
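The ticket notes that releasing `items` and `nullind` with `free` is laborious when a function has several return statements. The following added example (not MapServer code and not part of the ticket) shows a heap-based variant that sizes both arrays to the column count and funnels every exit through one cleanup label; `define_handle`, `define_by_pos` and `define_columns` are hypothetical stand-ins for the OCI types and for `OCIDefineByPos`, so it builds without the Oracle client.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for OCIDefine and sb2 (assumptions, not OCI code). */
typedef struct define_handle { int position; } define_handle;
typedef short null_indicator;

/* Plays the role of OCIDefineByPos: stores one handle pointer in *slot. */
static int define_by_pos(define_handle **slot, int position)
{
    *slot = malloc(sizeof **slot);
    if (*slot == NULL)
        return -1;
    (*slot)->position = position;
    return 0;
}

/* Defines numitems columns; fail_at simulates an error at that column
 * index (-1 for none). Returns the column count, or -1 on failure. */
int define_columns(int numitems, int fail_at)
{
    define_handle **items = NULL;
    null_indicator *nullind = NULL;
    int i, result = -1;

    if (numitems <= 0)
        return 0;

    /* One slot per selected column, so &items[i] is valid for all i. */
    items = calloc((size_t)numitems, sizeof *items);
    nullind = calloc((size_t)numitems, sizeof *nullind);
    if (items == NULL || nullind == NULL)
        goto cleanup;

    for (i = 0; i < numitems; i++) {
        if (i == fail_at)
            goto cleanup;               /* simulated mid-loop error */
        if (define_by_pos(&items[i], i + 1) != 0)
            goto cleanup;
    }
    result = numitems;

cleanup:                                /* single exit: nothing leaks */
    if (items != NULL)
        for (i = 0; i < numitems; i++)
            free(items[i]);             /* free(NULL) is a no-op */
    free(items);
    free(nullind);
    return result;
}
```

Unlike `alloca`, the heap allocations can fail cleanly and do not grow the stack with the number of selected columns.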