Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#4074 closed defect (fixed)

Seg fault join with postgres table

Reported by: mko Owned by: sdlime
Priority: high Milestone:
Component: MapServer C Library Version: svn-trunk (development)
Severity: trivial Keywords: postgres, join, segfault
Cc: mko


Ticket #2006 did set some quotes to the database select string for postgres joins. See r9049 and r9050. However, now there are 2 bytes length missing when calling malloc.


is 25 bytes + \0.

Attachments (1)

ms542-4074.patch (538 bytes) - added by mko 7 years ago.
changing malloc to respect quotes from #2006

Download all attachments as: .zip

Change History (4)

Changed 7 years ago by mko

Attachment: ms542-4074.patch added

changing malloc to respect quotes from #2006

comment:1 Changed 7 years ago by tbonfort

Resolution: fixed
Status: newclosed

fixed in trunk (r12760), 56 (r12762) and 60 (r12761) branches.

comment:2 Changed 7 years ago by rouault

I'm very far from being a huge advocate of C++ and tend to make very limited use of its capability in other projects (GDAL...), but such a bug would strongly militate to use std::string facility concerning automatic memory allocation... Counting the number of bytes is just not maintenable.

Is there a policy in mapserver to only use C ?

comment:3 Changed 7 years ago by tbonfort


There is no policy strictly against using c++, but historically we will stick to C when possible. I don't see that changing in the short term although I personally have nothing against switching.

I agree that the current issue is a problem that can bite elsewhere in the code. Rather than using std::string which would be too disruptive, I would advocate using #defines and strlen in these cases, as unless I am mistaken in that case the strlen call is optimized out by the compiler.

#define my_sql_string "select from \"%s\" where \"%s\"='%s';"

char *final_sql = malloc(strlen(my_sql_string)+ ... );
Note: See TracTickets for help on using tickets.