MapGuide crash on a layer with a malformed tooltip

[gabrimonfa]

I'm on

mapguide 2.5.2 32 bit @ centos 6 OGR Provider (with libgdal recompiled to support PostgreSQL).

one of my colleague by mistake set a layer tooltip mixing double quotes and single quotes. In particular, since the tooltip had some words within single quotes, he surrounded the entire tooltip within double quotes, instead of properly escaping single quotes. The wrong tooltip was like

<Tooltip>"Something like this 'bla bla' R. G. 'bla bla'"</Tooltip>

When hovering the mouse on the polygon with this tooltip MapGuide 2.5.2 (but also 2.4.0) crashed without logging anything. This happened always, so it's easily reproducible.

Validating the problematic layer with Maestro did not reveal the problem. Fixing the tooltip solved the problem.

I'm worried about this crash because we have a lot of maps and many different people working on map authoring, so wrong tooltip may happens from time to time and I've not yet found a systematic way to check them.

Step needed to reproduce the bug:

1. unzip the test.zip into an aliased folder called "mapguide_data"
2. load mgp into mapguide
3. connect to the server with Maestro
4. Open maestro options under Tool>Options. In the tab Editors uncheck "Preview with local map viewer (where applicable)". We need this in order to preview the map in a browser, previewing in local map viewer does not reveal the bug.
5. open the layer in maestro and preview the layer using Preview button
6. In the browser window, pan to one of the geometry
7. Hover the mouse inside the geometry.
8. No tooltip is showed, mapguide crashed

[gabrimonfa]

zip file with a shapefile

[gabrimonfa]

Mapguide package with featuresource and layer

[jng]

Package that includes the SHP files

[jng]

Can reproduce on trunk MapGuide.

The FDO Expression Engine seems to have issues with this particular expression. It parses as an identifier which is correct due to the double quotes, but the Expression Engine is choking up on it.

#0  0x02f770be in FdoExpressionEngineImp::ProcessIdentifier(FdoIdentifier&) () from /usr/local/fdo-3.9.0/lib/libExpressionEngine-3.9.0.so
#1  0x0038f387 in FdoIdentifier::Process(FdoIExpressionProcessor*) () from /usr/local/fdo-3.9.0/lib/libFDO-3.9.0.so
#2  0x02f7acd6 in FdoExpressionEngineImp::Evaluate(FdoExpression*) () from /usr/local/fdo-3.9.0/lib/libExpressionEngine-3.9.0.so
#3  0x02f6834a in FdoExpressionEngine::Evaluate(FdoExpression*) () from /usr/local/fdo-3.9.0/lib/libExpressionEngine-3.9.0.so
#4  0x01ebb580 in GeometryAdapter::EvalString(std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> > const&, std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >&) () from /usr/local/mapguideopensource-3.0.0/lib/libMgStylization-3.0.0.so
#5  0x01eeb186 in PolygonAdapter::Stylize(Renderer*, RS_FeatureReader*, bool, FdoExpressionEngine*, LineBuffer*, MdfModel::FeatureTypeStyle*, std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> > const*, std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> > const*, RS_ElevationSettings*, CSysTransformer*) () from /usr/local/mapguideopensource-3.0.0/lib/libMgStylization-3.0.0.so
#6  0x01eaf5e8 in DefaultStylizer::StylizeVLHelper(MdfModel::VectorLayerDefinition*, MdfModel::VectorScaleRange*, Renderer*, RS_FeatureReader*, bool, CSysTransformer*, bool (*)(void*), void*) () from /usr/local/mapguideopensource-3.0.0/lib/libMgStylization-3.0.0.so
#7  0x01eaf9b3 in DefaultStylizer::StylizeVectorLayer(MdfModel::VectorLayerDefinition*, Renderer*, RS_FeatureReader*, CSysTransformer*, double, bool (*)(void*), void*) () from /usr/local/mapguideopensource-3.0.0/lib/libMgStylization-3.0.0.so
#8  0x01a113ec in MgServerRenderingService::RenderForSelection(MgMap*, MgStringCollection*, MgGeometry*, int, std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> > const&, int, int, FeatureInfoRenderer*) ()
   from /usr/local/mapguideopensource-3.0.0/server/lib/libMgServerRenderingService-3.0.0.so
#9  0x01a14ce7 in MgServerRenderingService::QueryFeatures(MgMap*, MgStringCollection*, MgGeometry*, int, std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> > const&, int, int) () from /usr/local/mapguideopensource-3.0.0/server/lib/libMgServerRenderingService-3.0.0.so
#10 0x01a064e9 in MgOpQueryFeatures::Execute() () from /usr/local/mapguideopensource-3.0.0/server/lib/libMgServerRenderingService-3.0.0.so
#11 0x019fb094 in MgRenderingServiceHandler::ProcessOperation() ()
   from /usr/local/mapguideopensource-3.0.0/server/lib/libMgServerRenderingService-3.0.0.so
#12 0x0808b0d9 in MgOperationThread::ProcessOperation (this=0xbffff0b0, pData=0x83f9eb0) at OperationThread.cpp:397
#13 0x0808c886 in MgOperationThread::ProcessMessage (this=0x0, pMB=0x83f9eb0) at OperationThread.cpp:226
#14 0x0808d6c4 in MgOperationThread::svc (this=0xbffff0b0) at OperationThread.cpp:90
#15 0x0023e863 in ACE_Task_Base::svc_run(void*) () from /usr/local/mapguideopensource-3.0.0/lib/libACE.so.6.2.6
#16 0x002402d5 in ACE_Thread_Adapter::invoke_i() () from /usr/local/mapguideopensource-3.0.0/lib/libACE.so.6.2.6
#17 0x002403c7 in ACE_Thread_Adapter::invoke() () from /usr/local/mapguideopensource-3.0.0/lib/libACE.so.6.2.6
#18 0x001d133f in ace_thread_adapter () from /usr/local/mapguideopensource-3.0.0/lib/libACE.so.6.2.6
#19 0x023acd4c in start_thread () from /lib/i386-linux-gnu/libpthread.so.0
#20 0x022eb9de in clone () from /lib/i386-linux-gnu/libc.so.6

[jng]

Moved to: ​https://trac.osgeo.org/fdo/ticket/946