Ticket #2332 (closed defect: fixed)

Opened 6 years ago

Last modified 6 years ago

Double free or corruption in msCopyJoin

Reported by: aalbarello Owned by: sdlime
Priority: normal Milestone: 5.0.1 release
Component: MapServer C Library Version: 5.0
Severity: normal Keywords:
Cc:

Description

I'm getting libc's double free/corruption errors when calling msCopyMap on a map containing joins. This is due to the fact that msCopyLayer doesn't initialize join objects by calling initJoin prior to calling msCopyJoin, which therefore calls msFree through the MS_COPYSTRING macro on uninitialized char pointers of the destination map object.

This can be fixed by adding

initJoin(&(dst->joins[i]));

on line 851 of mapcopy.c

Attachments

mapcopy.diff (430 bytes), added by aalbarello 6 years ago.

Change History

Changed 6 years ago by aalbarello

  • milestone set to 5.0.1 release

I'm adding a patch against svn trunk rev 6998 for this one.

Andreas

Changed 6 years ago by aalbarello

Changed 6 years ago by sdlime

  • status changed from new to closed
  • resolution set to fixed

Applied fix to both the main trunk and the 5.0 branch. Closing...

Thanks for the help!

Steve

Changed 6 years ago by aalbarello

Confirming fixed. Thanks, Steve.

Andreas
