Ticket #4178 (closed defect: fixed)

Opened 16 months ago

Last modified 16 months ago

segfault in msPolyLineLabelPath

Reported by: tbonfort Owned by: sdlime
Priority: normal Milestone:
Component: MapServer C Library Version: unspecified
Severity: normal Keywords:
Cc: aboudreault

Description 

#0  0x000000010127a051 in msPolylineLabelPath (map=0x10098b000, img=0x102a7a090, p=0x7fff5fbfea30, min_length=-1, fontset=0x10098b068, string=0x102aa7380 "", label=0x102922b38, scalefactor=1, numpaths=0x7fff5fbfe718, regular_lines=0x7fff5fbfe6f8, num_regular_lines=0x7fff5fbfe710) at mapprimitive.c:1765
#1  0x00000001012c55e1 in msDrawShape (map=0x10098b000, layer=0x102922270, shape=0x7fff5fbfea30, image=0x102a7a090, style=-1, querymapMode=0) at mapdraw.c:2098
#2  0x00000001012bf8b9 in msDrawVectorLayer (map=0x10098b000, layer=0x102922270, image=0x102a7a090) at mapdraw.c:1080
#3  0x00000001012be525 in msDrawLayer (map=0x10098b000, layer=0x102922270, image=0x102a7a090) at mapdraw.c:809
#4  0x00000001012bd1e4 in msDrawMap (map=0x10098b000, querymap=0) at mapdraw.c:434

The issue is happening when the inputed shape has 0 lines. I don't fully understand how a shape with 0 lines can descend so deep into the rendering phase, so this might have to be checked.

I'll attach a patch that prevents the segfault.

Change History

Changed 16 months ago by tbonfort 

Index: mapprimitive.c
===================================================================
--- mapprimitive.c	(revision 13074)
+++ mapprimitive.c	(working copy)
@@ -1756,7 +1756,8 @@
 
   msPolylineComputeLineSegments(p, &segment_lengths, &line_lengths, &max_line_index, &max_line_length, &segment_index, &total_length);
  
-  if (label->repeatdistance > 0)
+  if (total_length > 0) {
+   if(label->repeatdistance > 0)
     for(i=0; i<p->numlines; i++) {
       msPolylineLabelPathLineString(map,img, p,min_length, fontset, string, label, scalefactor, i, segment_lengths, line_lengths[i], total_length, 
                                     &labelpaths_index, &labelpaths_size, &labelpaths, regular_lines, &regular_lines_index, &regular_lines_size);
@@ -1764,7 +1765,7 @@
   else
     msPolylineLabelPathLineString(map, img, p,min_length, fontset, string, label, scalefactor, max_line_index, segment_lengths, line_lengths[max_line_index], total_length, 
                                   &labelpaths_index, &labelpaths_size, &labelpaths, regular_lines, &regular_lines_index, &regular_lines_size);
-
+  }
   /* freeing memory: allocated by msPolylineComputeLineSegments */
   if ( segment_lengths ) {
     for ( i = 0; i < p->numlines; i++ )

Changed 16 months ago by sdlime

  • cc aboudreault added

Alan should weigh in. Fix seems simple enough...

Steve

Changed 16 months ago by tbonfort

  • status changed from new to closed
  • resolution set to fixed

fixed in r13082 . We now check after having transformed the shape that it has numlines>0 , instead of applying the patch I proposed.

Note: See TracTickets for help on using tickets.