Opened 17 years ago
Closed 17 years ago
#2140 closed defect (fixed)
Mapscript 4.10.0 and 4.10.2 gives segfault with Postgres 8
Reported by: | antti | Owned by: | |
---|---|---|---|
Priority: | normal | Milestone: | |
Component: | PostGIS Interface | Version: | 4.10 |
Severity: | major | Keywords: | |
Cc: | | | |
Description
line 1770 in mappostgis.c returns the length of the pointer address, not the length of the pointer's content. removing "(int)pos_sep +" seems to eliminate segfaults.
mappostgis.c:1770,1771c1770 < /* length = (int)pos_sep + strlen(pos_sep);*/ < length = strlen(pos_sep); ---
length = (int)pos_sep + strlen(pos_sep);
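Review bot: the replacement `length = strlen(pos_sep);` is the right fix, since the removed expression adds the address of `pos_sep` to the string length, so the value reaching `strncpy` (the top frame in the stack trace below) depends on where the string sits in memory rather than on its content, and a negative or huge length is passed as `size_t`. Two things to confirm alongside it: that the buffer receiving the copy is sized `length + 1` so the terminator fits, and that no other `(int)` cast of a pointer survives elsewhere in mappostgis.c. Also, the patched file keeps the old line as a comment (`/* length = (int)pos_sep + strlen(pos_sep);*/`); drop it rather than leaving dead code in place.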
From: Roppola, Antti - BRS
Subject: RE: [UMN_MAPSERVER-USERS] Mapscript 4.10.0 and 4.10.2 gives segfault with Postgres 8.2
Hi Umberto,
Andreas Albarello has identified a fix that works. Our lead developer (Simon) agrees with Andreas's assessment (and is impressed!); he also notes this is bad in that it appears the bug could lead to more RAM being allocated than is available: "The code is creating an int from the pointer address, not the pointer's content".
So someone will probably still need to figure out what the line intended to do (i.e. should it malloc length+1 to allow for the string terminator?), and see if the same (fatal) boo-boo happens anywhere else.
I'll log this whole email with the ticket.
Cheers,
Antti
Andreas wrote:
Yes, this indeed looks like a bug in msPOSTGISLayerRetrievePK to me. I've had a look at the code and I could spot line 1770 of mappostgis.c (Mapserver 4.10.1, line number might vary slightly in other versions), which doesn't really look very effective:
length = (int)pos_sep + strlen(pos_sep);
Casting a pointer into an int doesn't seem to make any sense here. I'd suggest you change that line to
length = strlen(pos_sep);
recompile and try again.
From: Umberto Nicoletti umberto.nicoletti@…
Sent: Wednesday, 4 July 2007 4:43 PM
To: Roppola, Antti - BRS
Cc: MAPSERVER-USERS@…
Subject: Re: [UMN_MAPSERVER-USERS] Mapscript 4.10.0 and 4.10.2 gives segfault with Postgres 8.2 [SEC=UNCLASSIFIED]
Open a ticket at:
http://trac.osgeo.org/mapserver/
include a demo mapfile and code to reproduce the problem if you can. We'll work on it asap.
Thanks, Umberto
On 7/4/07, Roppola, Antti - BRS <Antti.Roppola@…> wrote:
Hi all,
We're in the process of upgrading from 4.8.1 to 4.10.2 and we are seeing segfaults when using PostGIS layers. I've had a look through the bug tracker and source, the main difference between msPOSTGISLayerRetrievePK() between 4.8.1 and 4.10.2 appears to be the following (mappostgis.c revisions 1.66 to 1.77):
- Revision 1.71 2006/05/03 22:35:41 pramsey
- Added schema separation and search path awareness to the LayerRetrievePK. (towards Bug 1571)
Does anyone know if this is a known issue? Is the schema patch likely to be the source of it?
- I can usually get two or three maps before the application server dies completely
- We're using the Java mapscript swig bindings
- Postgres 8.2 with PostGIS 1.2.0
- The segfault occurs with 4.10.0 and 4.10.2
- I have not had a chance to see if the CGI version has the same problem
- Reverting to 4.8.1 on the same system works fine, suggesting it's not a Postgres/PostGIS issue
- Stack trace included below
Thanks,
Antti Roppola
Stack: [0x6f395000,0x6f408000), sp=0x6f4033c4, free space=440k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C [libc.so.6+0x68055] strncpy+0x35
C [libmapscript.so.4.10.2+0xcf5ae] msPOSTGISLayerRetrievePK+0x8e
C [libmapscript.so.4.10.2+0xd0b18]
C [libmapscript.so.4.10.2+0xd1694] msPOSTGISLayerWhichShapes+0xd4
C [libmapscript.so.4.10.2+0x84f2b] msLayerWhichShapes+0x5b
C [libmapscript.so.4.10.2+0x91c79] msDrawVectorLayer+0x1c9
C [libmapscript.so.4.10.2+0x920da] msDrawLayer+0x8a
C [libmapscript.so.4.10.2+0x934d1] msDrawMap+0x1d1
C [libmapscript.so.4.10.2+0x464e5] Java_edu_umn_gis_mapscript_mapscriptJNI_mapObj_1draw+0x35
j edu.umn.gis.mapscript.mapscriptJNI.mapObj_draw(JLedu/umn/gis/mapscript/mapObj;)J+0
j edu.umn.gis.mapscript.mapObj.draw()Ledu/umn/gis/mapscript/imageObj;+5
v ~StubRoutines::call_stub
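The defect discussed in this thread, as an added example that is not MapServer's code and not the patch attached to the ticket: it models a `pos_sep` pointer into a constructed "schema.table" name, computes the length once with the reported expression and once with the corrected one, adds the bounds check a reviewer would want before the value reaches `strncpy` or `malloc`, and allocates `length + 1` so the terminator fits (the question Antti raises above). The helper names, the split-on-separator layout and the sample name are assumptions; the `(int)` cast of the pointer goes through `intptr_t` only so the file compiles cleanly on 64-bit hosts, the arithmetic is the same as on the ticket's line 1770.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not MapServer's code. Helper names are hypothetical. */

/* The defective expression as quoted in the ticket: the address of the
 * string is folded into the length, so the result depends on where the
 * string happens to live, not on its content. On a 64-bit host the (int)
 * truncation can even go negative, which strncpy's size_t turns huge. */
int buggy_length(const char *pos_sep) {
    return (int)(intptr_t)pos_sep + (int)strlen(pos_sep);
}

/* The corrected expression from the ticket. */
size_t fixed_length(const char *pos_sep) {
    return strlen(pos_sep);
}

/* Sanity check before a length is handed to strncpy or malloc: it must be
 * non-negative and must not exceed what is actually readable at pos_sep. */
int length_is_plausible(long length, const char *pos_sep) {
    return length >= 0 && (size_t)length <= strlen(pos_sep);
}

/* Copy the text after the separator into a fresh buffer, sized length + 1
 * so the NUL terminator fits. Returns NULL if no separator is present. */
char *copy_after_separator(const char *name, char sep) {
    const char *pos_sep = strchr(name, sep);
    if (pos_sep == NULL)
        return NULL;
    pos_sep++;                              /* skip the separator itself */
    size_t length = fixed_length(pos_sep);
    char *out = malloc(length + 1);
    if (out == NULL)
        return NULL;
    strncpy(out, pos_sep, length);
    out[length] = '\0';                     /* strncpy does not add it here */
    return out;
}

int main(void) {
    char name[] = "gis.roads";              /* constructed "schema.table" */
    const char *pos_sep = strchr(name, '.');
    int bad = buggy_length(pos_sep);
    size_t good = fixed_length(pos_sep);

    printf("buggy length: %d (address-dependent)\n", bad);
    printf("fixed length: %zu\n", good);
    printf("buggy plausible: %d, fixed plausible: %d\n",
           length_is_plausible(bad, pos_sep),
           length_is_plausible((long)good, pos_sep));

    char *table = copy_after_separator(name, '.');
    printf("table part: %s\n", table ? table : "(null)");
    free(table);
    return 0;
}
```

Run it a few times with address-space randomisation on and the "buggy length" changes from run to run while the fixed one stays at the string's real length; that run-to-run drift is the symptom behind "two or three maps before the application server dies".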
Attachments (1)
Change History (5)
by , 17 years ago
Attachment: | 2140.patch added |
---|---|
comment:1 by , 17 years ago
I have applied 2140.patch and it fixed the seg fault. I was experiencing the seg fault using postgres 8.2
comment:2 by , 17 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
comment:3 by , 17 years ago
Resolution: | fixed |
---|---|
Status: | closed → reopened |
Has this been applied to the 4.10 branch and HEAD?
comment:4 by , 17 years ago
Resolution: | → fixed |
---|---|
Status: | reopened → closed |
I thought I had already committed it.
Please try this patch and see if it works. It is basically the same as Andreas's but without the weird pointer arithmetic.