Opened 6 years ago

Closed 3 years ago

#911 closed defect (wontfix)

MCIndexSnapRounder::computeNodes holds dangling reference ( => SEGFAULT)

Reported by: basiliscos Owned by: strk
Priority: major Milestone: 3.10.0
Component: Core Version: 3.6.2
Severity: Unassigned Keywords:
Cc:

Description

The MCIndexPointSnapper contains a reference to index::SpatialIndex.

class MCIndexPointSnapper {
public:
    MCIndexPointSnapper(index::SpatialIndex& nIndex): index(nIndex) {}
private:
    index::SpatialIndex& index; // non-owning reference to the caller's index
};

In MCIndexSnapRounder::computeNodes it creates a noder object on the stack, and keeps the reference to SpatialIndex from the noder in the member variable pointSnapper. After exiting the method, the noder is destroyed and the reference becomes dangling (no longer pointing to a valid object).

void MCIndexSnapRounder::computeNodes(SegmentString::NonConstVect* inputSegmentStrings)
{
        nodedSegStrings = inputSegmentStrings;
        MCIndexNoder noder; // local object, destroyed when computeNodes returns
        pointSnapper.release(); // let it leak ?!
        pointSnapper.reset(new MCIndexPointSnapper(noder.getIndex())); // stores a reference into noder
}

The following MCIndexSnapRounder::computeVertexSnaps invocation leads to SEGFAULT, as pointSnapper has a dangling pointer.

void MCIndexSnapRounder::computeVertexSnaps(NodedSegmentString* e)
{
        CoordinateSequence& pts0 = *(e->getCoordinates());
        for (unsigned int i=0, n=pts0.size()-1; i<n; ++i)
        {
                HotPixel hotPixel(pts0[i], scaleFactor, li);
                // pointSnapper still refers to the index of the destroyed noder
                bool isNodeAdded = pointSnapper->snap(hotPixel, e, i);
        }
}

Please, fix.
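The lifetime problem reported above, reduced to stand-in types, as an added example that is neither GEOS code nor part of the report. `Index`, `Noder`, `PointSnapper`, `BuggyRounder`, `FixedRounder` and the live-id registry are hypothetical names; the registry lets the program observe that the referenced index is gone without dereferencing the dangling reference, and making the noder a member is one assumed fix, not the project's resolution.

```cpp
#include <memory>
#include <set>

// Constructed stand-ins for the classes named in the ticket; not GEOS code.
static std::set<unsigned>& liveIds() { static std::set<unsigned> ids; return ids; }
static unsigned nextId = 0;

struct Index {                        // stands in for index::SpatialIndex
    const unsigned id;
    Index() : id(++nextId) { liveIds().insert(id); }
    ~Index() { liveIds().erase(id); }
    int query() const { return 1; }   // pretend one segment matched
};
struct Noder {                        // stands in for MCIndexNoder
    Index index;
    Index& getIndex() { return index; }
};
class PointSnapper {                  // stands in for MCIndexPointSnapper
public:
    explicit PointSnapper(Index& nIndex) : index(nIndex), indexId(nIndex.id) {}
    // Liveness uses the id captured at construction, never the reference itself.
    bool indexAlive() const { return liveIds().count(indexId) != 0; }
    int snap() const { return indexAlive() ? index.query() : -1; }
private:
    Index& index;
    unsigned indexId;
};

struct BuggyRounder {                 // same shape as the ticket's computeNodes
    std::unique_ptr<PointSnapper> pointSnapper;
    void computeNodes() {
        Noder noder;                  // automatic storage
        pointSnapper.reset(new PointSnapper(noder.getIndex()));
    }                                 // noder destroyed here; the reference dangles
};

struct FixedRounder {                 // assumed fix: the noder outlives the snapper
    Noder noder;                      // declared first, so destroyed last
    std::unique_ptr<PointSnapper> pointSnapper;
    void computeNodes() { pointSnapper.reset(new PointSnapper(noder.getIndex())); }
};

// Result of a snap issued after computeNodes() has returned (-1 = index gone).
template <class Rounder> int snapAfterComputeNodes() {
    Rounder r;
    r.computeNodes();
    return r.pointSnapper->snap();
}
int main() { return snapAfterComputeNodes<BuggyRounder>() == -1 ? 0 : 1; }
```

Building the real code with AddressSanitizer (`-fsanitize=address`) reports this class of bug as a stack-use-after-scope or stack-use-after-return at the first access through the stale reference.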

Change History (2)

comment:1 by pramsey, 3 years ago

Milestone: 3.10.0

comment:2 by pramsey, 3 years ago

Resolution: wontfix
Status: new → closed

This ticket describes what (to me) looks like a valid problem, but it's quite a few releases old, and oddly there's no internal use of these classes (because they were kind of broken so they got worked around). I'm going to close it and recommend upgrading to 3.9.
