Opened 14 years ago
Closed 14 years ago
#3604 closed defect (fixed)
"free(): invalid next size" in mapfile.c:5492
| Reported by: | scaligo | Owned by: | aboudreault |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | MapServer C Library | Version: | 5.6 |
| Severity: | normal | Keywords: | |
| Cc: |
Description
Due to an incorrect malloc() for tmpstr, mapserv 5.6.5 aborts when free()ing data in mapfile.c:5492
tmpstr should be initialized as "strlen(defaultkey) - 5" rather than "strlen(defaultkey) - 8", as a % is prepended and appended to the string.
function: msApplyDefaultSubstitutions
char *tmpstr = (char *)malloc(sizeof(char)*(strlen(defaultkey)-5));
Change History (2)
comment:1 by , 14 years ago
| Owner: | changed from to |
|---|
comment:2 by , 14 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
Fixed and committed in trunk in r10730 and in branch 5.6 in r10731.
Thanks scaligo for the report!