Opened 19 years ago

Last modified 19 years ago

#951 closed defect (worksforme)

a complicated memory corruption probably in swig/perl

Reported by: ari.jolma@…
Owned by: ari.jolma@…
Priority: high
Milestone:
Component: default
Version: unspecified
Severity: normal
Keywords:
Cc:

Description

Running the test.pl script causes a segfault if newRV_noinc is _correctly_ used
in the dict out typemap, which is used for returning metadata from GDAL drivers.

The segfault manifests itself in shapefile datasource and feature destroy like
this (valgrind output):

Invalid read of size 4
OGRFeatureDefn::Dereference() (ogr_feature.h:241)
OGRFeatureDefn::Release() (ogrfeaturedefn.cpp:184)
OGRShapeLayer::~OGRShapeLayer() (ogrshapelayer.cpp:159)
OGRShapeDataSource::~OGRShapeDataSource() (ogrshapedatasource.cpp:145)
OGRSFDriverRegistrar::ReleaseDataSource(OGRDataSource*) (ogrsfdriverregistrar.cpp:367)
OGRReleaseDataSource (ogrsfdriverregistrar.cpp:436)
_wrap_delete_DataSource (ogr_wrap.cpp:1123)

Address 0x1BC9E814 is 4 bytes inside a block of size 24 free'd
operator delete(void*) (vg_replace_malloc.c:246)
OGRFeatureDefn::~OGRFeatureDefn() (ogrfeaturedefn.cpp:150)
OGRFeatureDefn::Release() (ogrfeaturedefn.cpp:185)
OGRFeature::~OGRFeature() (ogrfeature.cpp:216)
OGR_F_Destroy (ogrfeature.cpp:242)
_wrap_delete_Feature (ogr_wrap.cpp:1324)

This is repeated three times.

Under gdb the segfault is reported like this:

0xb7c42df9 in free () from /lib/tls/libc.so.6
(gdb) bt
free () from /lib/tls/libc.so.6
VSIFree (pData=0x5b533000) at cpl_vsisimple.cpp:346
~OGR_SRSNode (this=0x85b592f) at ogr_srsnode.cpp:148
OGR_SRSNode::ClearChildren (this=0x85b5508) at ogr_srsnode.cpp:162
~OGR_SRSNode (this=0x85b5508) at ogr_srsnode.cpp:150
~OGRSpatialReference (this=0x85b55b8) at ogrspatialreference.cpp:243
OGRSpatialReference::Release (this=0x85b55b8) at ogrspatialreference.cpp:381
~OGRShapeLayer (this=0x85b6908) at ogrshapelayer.cpp:160
~OGRShapeDataSource (this=0x85aea20) at ogrshapedatasource.cpp:145
OGRSFDriverRegistrar::ReleaseDataSource (this=0x85511e8, poDS=0x85aea20) at ogrsfdriverregistrar.cpp:367
OGRReleaseDataSource (hDS=0x85aea20) at ogrsfdriverregistrar.cpp:436
_wrap_delete_DataSource (my_perl=0x8444008, cv=0x8537e5c) at ogr_wrap.cpp:1123

Change History (3)

comment:1 by warmerdam, 19 years ago

Ari, 

Can you confirm that you are using shape2ogr.cpp version 1.38? 

Hmm, I would have thought mbrudka would have applied another revision by 
now.

The problem looks like the layer didn't properly reference the feature
definition. 
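
The failure mode suggested in this comment, as an added example that is not part of the ticket and not GDAL code: a simplified model of an intrusively reference-counted definition shared by a feature and a layer. The class names, the `take_ref` switch and the `g_live_defns` counter are assumptions made for illustration; the model records whether the definition outlives the feature instead of performing the invalid read.

```cpp
#include <cstdio>

// Simplified model, hypothetical names; not GDAL's OGRFeatureDefn/OGRShapeLayer.
static int g_live_defns = 0;  // definitions constructed and not yet destroyed

class Defn {
    int refs_ = 0;
public:
    Defn() { ++g_live_defns; }
    ~Defn() { --g_live_defns; }
    void Reference() { ++refs_; }
    void Release() { if (--refs_ <= 0) delete this; }  // self-deletes at zero
};

class Feature {
    Defn *defn_;
public:
    explicit Feature(Defn *d) : defn_(d) { defn_->Reference(); }
    ~Feature() { defn_->Release(); }
};

class Layer {
    Defn *defn_;
    bool holds_ref_;
public:
    Layer(Defn *d, bool take_ref) : defn_(d), holds_ref_(take_ref) {
        if (take_ref) defn_->Reference();
    }
    // A layer that never took a reference but still called Release() here
    // would read freed memory; the model skips that call to stay well-defined.
    ~Layer() { if (holds_ref_) defn_->Release(); }
};

// True if the definition is still alive once the feature has been destroyed,
// i.e. if the layer's later Release() would touch valid memory.
bool defn_survives_feature(bool layer_takes_ref) {
    Defn *d = new Defn;
    Layer *layer = new Layer(d, layer_takes_ref);
    Feature *f = new Feature(d);
    delete f;                          // feature destroyed first
    bool alive = (g_live_defns == 1);
    delete layer;                      // data source/layer destroyed second
    return alive;
}

int main() {
    std::printf("layer holds ref: %d\n", defn_survives_feature(true));
    std::printf("layer holds none: %d\n", defn_survives_feature(false));
}
```

When the layer holds no reference, the feature's release is the last one and frees the definition, which matches the ordering in the valgrind report: freed from the feature destructor, then read again from the layer destructor.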

comment:2 by ari.jolma@…, 19 years ago

(In reply to comment #1)
> Ari, 
> 
> Can you confirm that you are using shape2ogr.cpp version 1.38? 

No, it looks like I've used an older version, 1.37.

> 
> Hmm, I would have thought mbrudka would have applied another revision by 
> now.
> 
> The problem looks like the layer didn't properly reference the feature
> definition. 
> 

After I realized I was able to misuse the shape driver too badly (create a
feature with unsupported geometry type and call SetGeometry with uninitialized
Geometry object) I didn't dig deeper. 

comment:3 by warmerdam, 19 years ago

Ari,

Please reopen if you find the problem persists. 
