Ticket #2763 (closed defect: fixed)

Opened 5 years ago

Last modified 4 years ago

PHP MapScript shapeObj->toWkt() segfaults for an object created by ms_shapeObjFromWkt()

Reported by: mgleahy Owned by: aboudreault
Priority: normal Milestone: 5.6 release
Component: MapScript-PHP Version: 5.2
Severity: normal Keywords:
Cc: dmorissette

Description

A shape object created from any wkt will cause php to segfault when shapeObj->toWkt() is called: 

$oTestShape = ms_shapeObjFromWkt('POLYGON((0 0,0 1,1 1,1 0,0 0))');
$sWKT = $oTestShape->toWkt();

Produces this in my apache log: 

[Tue Sep 09 13:41:23 2008] [notice] child pid 6296 exit signal Segmentation fault (11)

No output is sent to the client browser.

Change History

Changed 4 years ago by dmorissette

  • cc dmorissette added
  • owner changed from mapserverbugs to aboudreault
  • milestone set to 5.6 release

Dan Little wrote on mapserver-dev:

I actually have seen this problem rear it's ugly head in Python on a number of applications. It seems specifically linked to 64-bit platforms as my old Pentium 4 didn't seem to have the same issues.

Now, what I've done is a hack... I don't expect it to be anything more but it has fixed my issues...

In mapgeos.c ... comment out the msGEOSFreeGeomtry line. I'm not sure how msGEOSFreeGeometry updates the geometry as according to the comments. I just followed the line of logic from GDB, commented out some code, and magically things started to work as expected. 

char *msGEOSShapeToWKT(shapeObj *shape)
{
#ifdef USE_GEOS
  GEOSGeom g;

  if(!shape)
    return NULL;

  /* if we have a geometry, we should update it*/
  /* msGEOSFreeGeometry(shape->geometry); */

  shape->geometry = (GEOSGeom) msGEOSShape2Geometry(shape);
  g = (GEOSGeom) shape->geometry;
  if(!g) return NULL;

  return GEOSGeomToWKT(g);
#else
  msSetError(MS_GEOSERR, "GEOS support is not available.", "msGEOSShapeToWKT()");
  return NULL;
#endif
}

My hope is that someone with a little more free time and effort may be able either confirm this is a real fix (doubt it) or find the real fix with more familiarity to the msGEOS* code base.

-Duck

Changed 4 years ago by aboudreault

Could you provide me your PHP + GEOS version please ? I just tried the toWKT() function and it worked well.

Changed 4 years ago by mgleahy

If it helps any, on my Fedora 64-bit machine, this segfaults with MapServer 5.4.2, PHP 5.3.0 (as well as with 5.2.x versions of PHP), and GEOS 3.0.3.

It works on my Ubuntu 32-bit machine with MapServer 5.4.2, PHP 5.2.6, and GEOS-3.0.0.

Unfortunately, I currently don't have the ability to run 64-bit VMs, so I can't easily test this in other environments.

Changed 4 years ago by aboudreault

  • status changed from new to closed
  • resolution set to fixed

It took me a moment to realize that the function msGEOSFreeGeometry was simply not called with the proper argument. It was called with a void* argument (which was a pointer to the geometry itself) instead of the shapeObj. I guess that the reason why nothing crashed under 32bits is related to something like NX Bit (a technology to segregate areas of memory). We can see that all mmap, mmap2 calls under 64Bits doesn't have the same protection flags.

Fixed and committed in r9327.

Note: See TracTickets for help on using tickets.