Opened 12 years ago

Closed 12 years ago

Last modified 12 years ago

#4074 closed defect (fixed)

Seg fault join with postgres table

Reported by: mko Owned by: sdlime
Priority: high Milestone:
Component: MapServer C Library Version: svn-trunk (development)
Severity: trivial Keywords: postgres, join, segfault
Cc: mko

Description

Ticket #2006 did set some quotes to the database select string for postgres joins. See r9049 and r9050. However, now there are 2 bytes length missing when calling malloc. 

SELECT  FROM  WHERE  = ''

is 25 bytes + \0.

Attachments (1)

ms542-4074.patch (538 bytes ) - added by mko 12 years ago.
changing malloc to respect quotes from #2006

Download all attachments as: .zip

Change History (4)

by mko, 12 years ago

Attachment: ms542-4074.patch added

changing malloc to respect quotes from #2006

comment:1 by tbonfort, 12 years ago

Resolution: fixed
Status: newclosed

fixed in trunk (r12760), 56 (r12762) and 60 (r12761) branches.

comment:2 by rouault, 12 years ago

I'm very far from being a huge advocate of C++ and tend to make very limited use of its capability in other projects (GDAL...), but such a bug would strongly militate to use std::string facility concerning automatic memory allocation... Counting the number of bytes is just not maintenable.

Is there a policy in mapserver to only use C ?

comment:3 by tbonfort, 12 years ago

Even,

There is no policy strictly against using c++, but historically we will stick to C when possible. I don't see that changing in the short term although I personally have nothing against switching.

I agree that the current issue is a problem that can bite elsewhere in the code. Rather than using std::string which would be too disruptive, I would advocate using #defines and strlen in these cases, as unless I am mistaken in that case the strlen call is optimized out by the compiler. 

#define my_sql_string "select from \"%s\" where \"%s\"='%s';"

char *final_sql = malloc(strlen(my_sql_string)+ ... );
}
Note: See TracTickets for help on using tickets.