[mapserver-dev] App crash in mapparser.y

Sat, 19 Feb 2022 05:55:41 -0800 

Hi Devs,

I got a crash log which shows that the access violation is happening in the
following location:

*mapserver!yylex+0x1b5
[e:\builds-t1\src\mapserver-intramaps\vc15x64\mapparser.y @ 858]
                mapserver!yyparse+0x247 
[e:\home\even\mapserver\mapserver\mapparser.c @ 1461]
                mapserver!msEvalContext+0x178
[e:\builds-t1\src\mapserver-intramaps\maputil.c @ 442]
                mapserver!msDrawVectorLayer+0xb0
[e:\builds-t1\src\mapserver-intramaps\mapdraw.c @ 918]
                mapserver!msDrawLayer+0x3a3
[e:\builds-t1\src\mapserver-intramaps\mapdraw.c @ 813]
                mapserver!msDrawMap+0x415
[e:\builds-t1\src\mapserver-intramaps\mapdraw.c @ 403]
                mapscript!CSharp_mapObj_draw+0xd*

By looking into the corresponding code, the problem has happened in the
following location in yylex():




* case MS_TOKEN_BINDING_INTEGER:    token = NUMBER; ---->
(*lvalp).dblval =
atof(p->shape->values[p->expr->curtoken->tokenval.bindval.index]);
break;*

In maputil.c the call stack location is here (msEvalContext):










*msTokenizeExpression(&e, NULL, NULL);  p.shape = NULL;  p.expr = &e;
p.expr->curtoken = p.expr->tokens; /* reset */  p.type =
MS_PARSE_TYPE_BOOLEAN;----->  status = yyparse(&p);
msFreeExpression(&e);*

And in mapdraw.c







* /* TODO TBT: draw as raster layer in vector renderers */----->
annotate = msEvalContext(map, layer, layer->labelrequires);
if(map->scaledenom > 0) {    if((layer->labelmaxscaledenom != -1) &&
(map->scaledenom >= layer->labelmaxscaledenom)) annotate = MS_FALSE;
 if((layer->labelminscaledenom != -1) && (map->scaledenom <
layer->labelminscaledenom)) annotate = MS_FALSE;  }*

I'm not sure if the LABELREQUIRES option supports attribute binding
(probably not) and in that case the
p->expr->curtoken->tokenval.bindval.index would probably have undefined
value. I don't have any information about the corresponding LABELREQUIRES
expression , but if I assume it doesn't contain attribute binding, then
this crash might probably happen due to a missing parser lock around
*yyparse(&p).
*What do you think about the problem and how could we work around this?

Thanks,

Tamas

_______________________________________________
MapServer-dev mailing list
[email protected]
https://lists.osgeo.org/mailman/listinfo/mapserver-dev

Reply via email to