Ticket #4074 (closed defect: fixed)

Opened 2 years ago

Last modified 2 years ago

Seg fault join with postgres table

Reported by: mko
Owned by: sdlime
Priority: high
Milestone:
Component: MapServer C Library
Version: svn-trunk (development)
Severity: trivial
Keywords: postgres, join, segfault
Cc: mko

Description

Ticket #2006 added some quotes to the database select string for postgres joins. See r9049 and r9050. However, 2 bytes of length are now missing when calling malloc.

SELECT  FROM  WHERE  = ''

is 25 bytes + \0.

Attachments

ms542-4074.patch (0.5 KB) - added by mko 2 years ago.
changing malloc to respect quotes from #2006

Change History

Changed 2 years ago by mko

changing malloc to respect quotes from #2006

Changed 2 years ago by tbonfort

  • status changed from new to closed
  • resolution set to fixed

fixed in trunk (r12760), 56 (r12762) and 60 (r12761) branches.

Changed 2 years ago by rouault

I'm very far from being a huge advocate of C++ and tend to make very limited use of its capability in other projects (GDAL...), but such a bug would strongly militate in favour of using the std::string facility for automatic memory allocation... Counting the number of bytes is just not maintainable.

Is there a policy in mapserver to only use C?

Changed 2 years ago by tbonfort

Even,

There is no policy strictly against using c++, but historically we will stick to C when possible. I don't see that changing in the short term although I personally have nothing against switching.

I agree that the current issue is a problem that can bite elsewhere in the code. Rather than using std::string which would be too disruptive, I would advocate using #defines and strlen in these cases, as unless I am mistaken in that case the strlen call is optimized out by the compiler.

#define my_sql_string "select from \"%s\" where \"%s\"='%s';"

char *final_sql = malloc(strlen(my_sql_string)+ ... );
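The sizing problem discussed in this ticket, as an added example that is not MapServer's code or the attached patch: the buffer size is measured from the format string itself with `snprintf(NULL, 0, ...)` (C99), a different technique from the `strlen` on a `#define` suggested above, and is compared with a hand-counted constant that predates the quotes. The macro, function names, the constant 24 and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Format including the quotes around the value; fixed text is 25 bytes. */
#define JOIN_SQL_FMT "SELECT %s FROM %s WHERE %s = '%s'"

/* Bytes needed for the formatted query including the NUL, measured by
 * snprintf itself so the size cannot drift from the format string. */
static size_t join_sql_size(const char *items, const char *table,
                            const char *column, const char *value)
{
    int n = snprintf(NULL, 0, JOIN_SQL_FMT, items, table, column, value);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Constructed "before" case: a hand-counted constant (23 fixed bytes + NUL)
 * that was not updated when the two quote characters were added. */
static size_t stale_hand_counted_size(const char *items, const char *table,
                                      const char *column, const char *value)
{
    return 24 + strlen(items) + strlen(table) + strlen(column) + strlen(value);
}

/* Allocate exactly what is needed and format into it; caller frees.
 * Assumption: value has already been escaped by the caller. */
static char *build_join_sql(const char *items, const char *table,
                            const char *column, const char *value)
{
    size_t size = join_sql_size(items, table, column, value);
    char *sql = size ? malloc(size) : NULL;
    if (sql == NULL)
        return NULL;
    snprintf(sql, size, JOIN_SQL_FMT, items, table, column, value);
    return sql;
}

int main(void)
{
    char *sql = build_join_sql("name,pop", "cities", "id", "42");
    if (sql == NULL)
        return 1;
    printf("%s needs %zu bytes, stale count gives %zu\n", sql, strlen(sql) + 1,
           stale_hand_counted_size("name,pop", "cities", "id", "42"));
    free(sql);
    return 0;
}
```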