Opened 17 years ago

Closed 17 years ago

#2078 closed defect (fixed)

KML crash on a certain file

Reported by: darkblueB
Owned by: warmerdam
Priority: normal
Milestone: 1.5.0
Component: OGR_SF
Version: unspecified
Severity: normal
Keywords: KML
Cc:

Description

ogr2ogr -f KML ~/output.kml ~/victoriaPlaces2.kml -dsco AltitudeMode=absolute

bad crash

ogr2ogr -f KML ~/output.kml ~/victoriaPlaces2.kml

also aborts

--see bug trace attached

Attachments (2)

victoriaPlaces2.kml (6.9 KB) - added by darkblueB 17 years ago.
foo.kml (244 bytes) - added by crschmidt 17 years ago. reduced test case


Change History (5)

by darkblueB, 17 years ago

Attachment: victoriaPlaces2.kml added

comment:1 by darkblueB, 17 years ago

Last login: Mon Dec 10 19:17:45 on ttyp2
Welcome to Darwin!
pbG42-2:~ jspace$ gdb ogr2ogr
GNU gdb 6.3.50-20050815 (Apple version gdb-573) (Fri Oct 20 15:54:33 GMT 2006)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "powerpc-apple-darwin"...Reading symbols for shared libraries ............. done

(gdb) set args -f KML output.kml /Users/Shared/srcs/miscKML/victoriaPlaces2.kml -dsco AltitudeMode=absolute
(gdb) run
Starting program: /usr/local/bin/ogr2ogr -f KML output.kml /Users/Shared/srcs/miscKML/victoriaPlaces2.kml -dsco AltitudeMode=absolute
Reading symbols for shared libraries .++.+..................++ done
Warning 1: Layer name 'inside three folder' adjusted to 'inside_three_folder' for XML validity.

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x3c2f5097
0x0127d410 in OGRKMLLayer::CreateFeature (this=0x502640, poFeature=0x505b80) at ogrkmllayer.cpp:385
385 poFeature->GetGeometryRef()->getEnvelope( &sGeomBounds );
(gdb) backtrace
#0 0x0127d410 in OGRKMLLayer::CreateFeature (this=0x502640, poFeature=0x505b80) at ogrkmllayer.cpp:385
#1 0x00004348 in TranslateLayer (poSrcDS=0x505c80, poSrcLayer=0x502a80, poDstDS=0x502640, papszLCO=0x0, pszNewLayerName=0x1 <Address 0x1 out of bounds>, bTransform=5266368, poOutputSRS=0x3c74, poSourceSRS=0x505b80, papszSelFields=0x0, bAppend=0, eGType=-2, bOverwrite=0) at ogr2ogr.cpp:806
#2 0x000052c4 in main (nArgc=5253760, papszArgv=0x501c80) at ogr2ogr.cpp:431
(gdb) set args -f KML output.kml /Users/Shared/srcs/miscKML/victoriaPlaces2.kml
(gdb) run
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /usr/local/bin/ogr2ogr -f KML output.kml /Users/Shared/srcs/miscKML/victoriaPlaces2.kml
Warning 1: Layer name 'inside three folder' adjusted to 'inside_three_folder' for XML validity.
Warning 1: Layer name 'inside Two folder' adjusted to 'inside_Two_folder' for XML validity.
Warning 1: Layer name 'Top One Folder' adjusted to 'Top_One_Folder' for XML validity.
Warning 1: Layer name 'Victoria Places' adjusted to 'Victoria_Places' for XML validity.
terminate called after throwing an instance of 'std::out_of_range'
what(): vector::_M_range_check

Program received signal SIGABRT, Aborted.
0x900481ac in kill ()
(gdb) backtrace
#0 0x900481ac in kill ()
#1 0x9012d7b4 in abort ()
#2 0x94bfa078 in gnu_cxx::verbose_terminate_handler ()
#3 0x94bf7c08 in gxx_personality_v0 ()
#4 0x94bf7c6c in std::terminate ()
#5 0x94bf7eac in cxa_throw ()
#6 0x94bb10ac in std::throw_out_of_range ()
#7 0x0120bd34 in KMLNode::getNameElement (this=0x87859393) at /usr/include/c++/4.0.0/bits/stl_vector.h:518
#8 0x0120c2c0 in KMLNode::getFeature (this=0x502fe0, nNum=0) at kmlnode.cpp:525
#9 0x0127d560 in OGRKMLLayer::GetNextFeature (this=0x505340) at ogrkmllayer.cpp:121
#10 0x0000411c in TranslateLayer (poSrcDS=0x0, poSrcLayer=0x505340, poDstDS=0x5066e0, papszLCO=0xc24bc195, pszNewLayerName=0x0, bTransform=19385584, poOutputSRS=0x3c74, poSourceSRS=0x2, papszSelFields=0x0, bAppend=0, eGType=-2, bOverwrite=0) at ogr2ogr.cpp:738
#11 0x000052c4 in main (nArgc=5264192, papszArgv=0x501c40) at ogr2ogr.cpp:431
(gdb)

comment:2 by crschmidt, 17 years ago

The trace indicates that the second command was run after the first had already crashed ogr2ogr. Can you get it to crash separately? I can not.

However, the first command does crash:

Warning 1: Layer name 'inside three folder' adjusted to 'inside_three_folder' for XML validity.
*** glibc detected *** free(): invalid next size (normal): 0x08051338 ***

Program received signal SIGABRT, Aborted.
[Switching to Thread 4136097456 (LWP 10160)]
0xf6a305df in raise () from /lib32/libc.so.6
(gdb) bt
#0  0xf6a305df in raise () from /lib32/libc.so.6
#1  0xf6a31b13 in abort () from /lib32/libc.so.6
#2  0xf6a650d5 in __fsetlocking () from /lib32/libc.so.6
#3  0xf6a6c1ec in mallopt () from /lib32/libc.so.6
#4  0xf6a6c284 in free () from /lib32/libc.so.6
#5  0xf79a3501 in VSIFree () from /home/crschmidt/FWTools-2.0.3/lib/libgdal.so
#6  0xf7a70132 in OGRKMLLayer::CreateFeature ()
   from /home/crschmidt/FWTools-2.0.3/lib/libgdal.so
#7  0x0804a883 in TranslateLayer ()
#8  0x0804973a in main ()
(gdb) 

This is with FWTools2.0.3.

by crschmidt, 17 years ago

Attachment: foo.kml added

reduced test case

comment:3 by warmerdam, 17 years ago

Component: default → OGR_SF
Milestone: → 1.5.0
Resolution: → fixed
Status: new → closed

Fixed geometry string buffer overflow in altitude mode (r13318).
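
The fix note above names a string buffer overflow tied to the AltitudeMode option, and the glibc "free(): invalid next size" abort in comment 2 is a typical symptom of a heap write past the end of an allocation. The following C code is an added illustration of that bug class and its remedy, not GDAL's code or the r13318 change; the function names and the KML layout are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration; names and KML layout are assumptions, not GDAL code. */
#define COORDS "<coordinates>%.15g,%.15g,%.15g</coordinates>"

/* Bug pattern: the size is computed for the coordinates only, so a buffer of
 * this size is too small once an <altitudeMode> element is also written.
 * Returned for comparison only; nothing is ever written through it. */
size_t size_without_altitude_mode(double x, double y, double z)
{
    return (size_t)snprintf(NULL, 0, "<Point>" COORDS "</Point>", x, y, z) + 1;
}

/* Hardened form: build the optional element with a bounded write, measure the
 * complete string with snprintf(NULL, 0, ...), then allocate exactly that.
 * Returns a malloc'd string the caller frees, or NULL on error. */
char *format_point(double x, double y, double z, const char *altitude_mode)
{
    char mode[128] = "";
    if (altitude_mode != NULL) {
        int m = snprintf(mode, sizeof mode,
                         "<altitudeMode>%s</altitudeMode>", altitude_mode);
        if (m < 0 || (size_t)m >= sizeof mode)
            return NULL;                /* option value too long: refuse */
    }
    int need = snprintf(NULL, 0, "<Point>%s" COORDS "</Point>", mode, x, y, z);
    if (need < 0)
        return NULL;
    char *buf = malloc((size_t)need + 1);
    if (buf != NULL)
        snprintf(buf, (size_t)need + 1, "<Point>%s" COORDS "</Point>", mode, x, y, z);
    return buf;
}

int main(void)
{
    char *s = format_point(1.0, 2.0, 3.0, "absolute");
    if (s == NULL)
        return 1;
    printf("%s\nneeded %zu bytes, coordinate-only estimate %zu\n",
           s, strlen(s) + 1, size_without_altitude_mode(1.0, 2.0, 3.0));
    free(s);
    return 0;
}
```

Building the code under test with `-fsanitize=address` reports an undersized write of this kind at the faulting store rather than at a later `free()`.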
