Ticket #4254 (assigned defect)

Opened 14 months ago

Last modified 14 months ago

crash from msTiledSHPOpenFile due to incorrect handling of error condition

Reported by: nbrachet Owned by: sdlime
Priority: normal Milestone: 6.0.2 release
Component: MapServer C Library Version: 6.0
Severity: normal Keywords:
Cc:

Description

msTiledSHPOpenFile() doesn't fully initialize the shpfile object until it tries to open the SHP file. If opening the tileshpfile fails msTiledSHPOpenFile() returns (with an error) with an undefined shpfile object. When msTiledSHPClose() is closed it will close the shpfile which may cause a crash.

A simple fix is to initialize isopen of shpfile to FALSE. This is the option implemented in the attached patch. Another option is to use calloc instead of malloc to allocate the shpfile object. Yet another option would be to follow the same error handling as when n OOM condition is found and delete the shpfile object right then and there.

Attachments

patch Download (0.9 KB) - added by nbrachet 14 months ago.
proposed patch

Change History

Changed 14 months ago by nbrachet

proposed patch

Changed 14 months ago by sdlime

  • status changed from new to assigned
Note: See TracTickets for help on using tickets.