Opened 13 years ago
#3854 new defect
CSV join fails with segfault when CSV file contains lines longer than MS_BUFFER_LENGTH
Reported by: | ejn | Owned by: | sdlime |
---|---|---|---|
Priority: | high | Milestone: | 6.0 release |
Component: | MapServer C Library | Version: | svn-trunk (development) |
Severity: | major | Keywords: | join cvs segfault MS_BUFFER_LENGTH |
Cc: |
Description
In msCSVJoinConnect the number of rows in the CSV file is determined by counting the number of fgets. If any row has a length greater than MS_BUFFER_LENGTH then the wrong number of rows is determined for the file, which later leads to a segfault in msCSVJoinNext when the join is being processed.
Rather than just counting the number of fgets, the last character of the buffer should be inspected each time to check whether it's a newline - if not then don't count this fgets.
The problem line is mapjoin.c:361 -> should be changed to something like (warning: untested airware!)
    while(fgets(buffer, MS_BUFFER_LENGTH, stream) != NULL)
      if (buffer[strlen(buffer) - 1] == '\n') joininfo->numrows++;
instead of just
    while(fgets(buffer, MS_BUFFER_LENGTH, stream) != NULL)
      joininfo->numrows++;
If it's too late for a fix for 6.0 then this feature should at least be documented (along with the rest of the CSV join stuff, *cough cough*). The problem affects all versions back to at least 5.4.
(Set to 6.0 release and severity major in the hope that at least the documentation will make the cut - it's obviously not a widely-used feature, but anything repeatably causing a segfault is Not Good)
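The miscount described in this ticket, reproduced as an added example (not MapServer code and not part of the original report). `DEMO_BUFFER_LENGTH`, the function names and the sample data are assumptions made for illustration; the row counter also goes one step beyond the suggested line by counting a final row that has no trailing newline.

```c
#include <stdio.h>
#include <string.h>

#define DEMO_BUFFER_LENGTH 16  /* assumption: small stand-in for MS_BUFFER_LENGTH */

/* Counting as the ticket describes it: one row per successful fgets call. */
static int count_fgets_calls(FILE *stream)
{
    char buffer[DEMO_BUFFER_LENGTH];
    int n = 0;
    rewind(stream);
    while (fgets(buffer, DEMO_BUFFER_LENGTH, stream) != NULL)
        n++;
    return n;
}

/* Count logical rows: a row ends at '\n', or at EOF if the last row is unterminated. */
static int count_rows(FILE *stream)
{
    char buffer[DEMO_BUFFER_LENGTH];
    int n = 0, partial = 0;
    rewind(stream);
    while (fgets(buffer, DEMO_BUFFER_LENGTH, stream) != NULL) {
        size_t len = strlen(buffer);
        int complete = len > 0 && buffer[len - 1] == '\n';
        if (complete)
            n++;
        partial = !complete;  /* fragment of a long row, or a final row without '\n' */
    }
    return n + partial;
}

/* Constructed sample: row 2 is longer than the buffer, row 3 has no newline. */
static FILE *make_sample(void)
{
    FILE *f = tmpfile();
    if (f != NULL)
        fputs("1,a\n2,this-row-is-longer-than-the-demo-buffer\n3,c", f);
    return f;
}

int main(void)
{
    FILE *f = make_sample();
    if (f == NULL) return 1;
    printf("fgets calls: %d, rows: %d\n", count_fgets_calls(f), count_rows(f));
    fclose(f);
    return 0;
}
```

Any code that later allocates or indexes per-row storage from the first count while reading whole rows will disagree with the file's real row count, which is the mismatch this ticket reports.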