Opened 14 years ago

Closed 14 years ago

#3280 closed defect (worksforme)

WMS request causes AGG segfault

Reported by: lagerratrobe Owned by: pramsey
Priority: normal Milestone:
Component: MapServer C Library Version: 5.6
Severity: major Keywords:
Cc:

Description (last modified by tbonfort)

  • WMS request generated by TileCache is causing MapServer to segfault. Request looks like this:

http://localhost/cgi-bin/mapserv?map=/var/www/mapfiles/clip_test/shape_seattle.map&layers=roadsPG&styles=&service=WMS&width=256&format=image/png&request=GetMap&height=256&srs=EPSG:4326&version=1.1.1&bbox=-122.338256836,47.6586914062,-122.332763672,47.6641845703

  • Area of request can successfully be rendered using "MODE=MAP":

http://localhost/cgi-bin/mapserv?map=/var/www/mapfiles/clip_test/shape_seattle.map&mode=map

  • gdb output of WMS request below: 
    $ gdb /usr/lib/cgi-bin/mapserv
GNU gdb (GDB) 7.0-ubuntu
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/lib/cgi-bin/mapserv...done.
(gdb) run "QUERY_STRING=map=/var/www/mapfiles/clip_test/shape_seattle.map&layers=roadsPG&styles=&service=WMS&width=256&format=image/png&request=GetMap&height=256&srs=EPSG:4326&version=1.1.1&bbox=-122.338256836,47.6586914062,-122.332763672,47.6641845703"
Starting program: /usr/lib/cgi-bin/mapserv "QUERY_STRING=map=/var/www/mapfiles/clip_test/shape_seattle.map&layers=roadsPG&styles=&service=WMS&width=256&format=image/png&request=GetMap&height=256&srs=EPSG:4326&version=1.1.1&bbox=-122.338256836,47.6586914062,-122.332763672,47.6641845703"
[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
0x00d91bf2 in ?? () from /lib/tls/i686/cmov/libc.so.6
(gdb) bt
#0  0x00d91bf2 in ?? () from /lib/tls/i686/cmov/libc.so.6
#1  0x00d93868 in malloc () from /lib/tls/i686/cmov/libc.so.6
#2  0x007a9bb7 in operator new(unsigned int) () from /usr/lib/libstdc++.so.6
#3  0x007a9ced in operator new[](unsigned int) () from /usr/lib/libstdc++.so.6
#4  0x080dbdd5 in void mapserver::render_scanlines<mapserver::rasterizer_scanline_aa<mapserver::rasterizer_sl_clip<mapserver::ras_conv_int> >, mapserver::scanline_u8, mapserver::renderer_scanline_aa_solid<mapserver::renderer_base<mapserver::pixfmt_alpha_blend_rgba<mapserver::blender_rgba_pre<mapserver::rgba8, mapserver::order_bgra>, mapserv_row_ptr_cache<int>, int> > > >(mapserver::rasterizer_scanline_aa<mapserver::rasterizer_sl_clip<mapserver::ras_conv_int> >&, mapserver::scanline_u8&, mapserver::renderer_scanline_aa_solid<mapserver::renderer_base<mapserver::pixfmt_alpha_blend_rgba<mapserver::blender_rgba_pre<mapserver::rgba8, mapserver::order_bgra>, mapserv_row_ptr_cache<int>, int> > >&) ()
#5  0x080ba7ac in T.1744 ()
#6  0x080bdbda in msDrawShadeSymbolAGG ()
#7  0x0813b3d2 in msDrawShadeSymbol ()
#8  0x0809ff17 in msDrawShape ()
#9  0x080a2cfe in msDrawVectorLayer ()
#10 0x080a343d in msDrawLayer ()
#11 0x080a4fd7 in msDrawMap ()
#12 0x08157d82 in msWMSGetMap ()
#13 0x0815cf36 in msWMSDispatch ()
#14 0x080e9924 in msOWSDispatch ()
#15 0x08056583 in main ()
(gdb)

Attachments (1)

agg_wms_segfault.tar.gz (68.1 KB ) - added by lagerratrobe 14 years ago.
mapfile and data to replicate error

Download all attachments as: .zip

Change History (12)

by lagerratrobe, 14 years ago

Attachment: agg_wms_segfault.tar.gz added

mapfile and data to replicate error

comment:1 by tbonfort, 14 years ago

Status: newassigned

I can't reproduce the segfault.

Can you reproduce the segfault using the exact data and mapfile form the tarball included in the ticket?

It seems very awkward that the segfault is happening fro you in the shade (polygon) symbol renderer, whereas the layer you are calling is a line symbol.

comment:2 by tbonfort, 14 years ago

Description: modified (diff)

comment:3 by lagerratrobe, 14 years ago

I'm definitely able to replicate the segfault using the attached data on the machine that I originally encountered the error on. I tested before sending the packaged data set. Just tested this morning on my personal laptop running MapServer 5.2 and cannot get the segfault to occur there with this specific request. However, I know that this same data set has caused segfaults during tiling on that old machine as well.

Both layers are set to "STATUS DEFAULT" in the mapfile. Does it make a difference which one is being requested then?

comment:4 by lagerratrobe, 14 years ago

Verified on work machine that segfault occurs with included WMS request using MS 5.6.0. Compiled MS 5.4.2 with same options and tested. Segfault does not occur with 5.4.2.

comment:5 by pramsey, 14 years ago

Unable to reproduce on OSX 10.6.2. Perhaps it's 32-bit only?

comment:6 by pramsey, 14 years ago

No segfault on 32bit centos 5.4 either. Here's how I call mapserver: 

~/Code/mapserver/mapserver-5.6.0/mapserv "QUERY_STRING=map=/Users/pramsey/Dropbox/agg_wms_segfault/shape_seattle.map&layers=roadsPG&styles=&service=WMS&width=256&format=image/png&request=GetMap&height=256&srs=EPSG:4326&version=1.1.1&bbox=-122.338256836,47.6586914062,-122.332763672,47.6641845703"

comment:7 by pramsey, 14 years ago

Component: AGGMapServer C Library
Owner: changed from tbonfort to pramsey
Status: assignednew

Since the reporter can only generate this in WMS mode, not by running an identical map file, and it is *not* reproducible on other platforms, I'm going to make a semi-informed guess that the problem is actually that somewhere in the OWS code we're clobbering memory which is getting picked up by AGG later, but only on the reporters platform. I think the next diagnostic step is a pass through valgrind.

lagerratrobe, one last debug step, can you confirm that the problem still exists on the latest revision of the 5.6 branch? 

svn co http://svn.osgeo.org/mapserver/branches/branch-5-6/mapserver mapserver-5.6-svn

comment:8 by lagerratrobe, 14 years ago

Checked out latest version of 5.6 using Paul's svn link above. Compiled with the following configuration options:

--prefix=/usr --with-pdf --with-freetype --with-agg --with-eppl --with-proj --with-threads --with-geos --with-ogr --with-gdal --with-tiff --with-png --with-jpeg --with-postgis=/usr/local/pgsql/bin/pg_config --with-wfs --with-wcs --with-wmsclient --with-wfsclient --with-fastcgi --with-gd

Ran test: :/usr/local/mapserver-5.6-svn$ ./mapserv "QUERY_STRING=map=/var/www/mapfiles/clip_test/shape_seattle.map&layers=roadsPG&styles=&service=WMS&width=256&format=image/png&request=GetMap&height=256&srs=EPSG:4326&version=1.1.1&bbox=-122.338256836,47.6586914062,-122.332763672,47.6641845703"

Segmentation fault

GDB: :/usr/local/mapserver-5.6-svn$ gdb ./mapserv GNU gdb (GDB) 7.0-ubuntu Copyright (C) 2009 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "i486-linux-gnu". For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>... Reading symbols from /usr/local/mapserver-5.6-svn/mapserv...done. (gdb) run "QUERY_STRING=map=/var/www/mapfiles/clip_test/shape_seattle.map&layers=roadsPG&styles=&service=WMS&width=256&format=image/png&request=GetMap&height=256&srs=EPSG:4326&version=1.1.1&bbox=-122.338256836,47.6586914062,-122.332763672,47.6641845703" Starting program: /usr/local/mapserver-5.6-svn/mapserv "QUERY_STRING=map=/var/www/mapfiles/clip_test/shape_seattle.map&layers=roadsPG&styles=&service=WMS&width=256&format=image/png&request=GetMap&height=256&srs=EPSG:4326&version=1.1.1&bbox=-122.338256836,47.6586914062,-122.332763672,47.6641845703" [Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault. 0x06ebcbf2 in ?? () from /lib/tls/i686/cmov/libc.so.6 (gdb) bt #0 0x06ebcbf2 in ?? () from /lib/tls/i686/cmov/libc.so.6 #1 0x06ebe868 in malloc () from /lib/tls/i686/cmov/libc.so.6 #2 0x00a41bb7 in operator new(unsigned int) () from /usr/lib/libstdc++.so.6 #3 0x00a41ced in operator new[](unsigned int) () from /usr/lib/libstdc++.so.6 #4 0x080dbad5 in void mapserver::render_scanlines<mapserver::rasterizer_scanline_aa<mapserver::rasterizer_sl_clip<mapserver::ras_conv_int> >, mapserver::scanline_u8, mapserver::renderer_scanline_aa_solid<mapserver::renderer_base<mapserver::pixfmt_alpha_blend_rgba<mapserver::blender_rgba_pre<mapserver::rgba8, mapserver::order_bgra>, mapserv_row_ptr_cache<int>, int> > > >(mapserver::rasterizer_scanline_aa<mapserver::rasterizer_sl_clip<mapserver::ras_conv_int> >&, mapserver::scanline_u8&, mapserver::renderer_scanline_aa_solid<mapserver::renderer_base<mapserver::pixfmt_alpha_blend_rgba<mapserver::blender_rgba_pre<mapserver::rgba8, mapserver::order_bgra>, mapserv_row_ptr_cache<int>, int> > >&) () #5 0x080ba4ac in T.1744 () #6 0x080bd8da in msDrawShadeSymbolAGG () #7 0x0813b0d2 in msDrawShadeSymbol () #8 0x080a00a7 in msDrawShape () #9 0x080a2e8e in msDrawVectorLayer () #10 0x080a35cd in msDrawLayer () #11 0x080a5167 in msDrawMap () #12 0x081578e2 in msWMSGetMap () #13 0x0815ca96 in msWMSDispatch () #14 0x080e9624 in msOWSDispatch () #15 0x08056563 in main () (gdb)

comment:9 by pramsey, 14 years ago

Well, the code is totally pristine under memcheck. There was one uninitialized variable in the thing, fixed at r9775.

comment:10 by pramsey, 14 years ago

Sorry, actually fixed at r9776.

comment:11 by pramsey, 14 years ago

Resolution: worksforme
Status: newclosed

I'm turning this one off until we can find more reproduceability.

Note: See TracTickets for help on using tickets.