Bug when Type = ellipse and Style is over 105

[Mathieu Bertrand]

Hi,

I have a mapfile declaring a symbol like this one :
------
SYMBOL
  NAME 'test'
  TYPE ELLIPSE
  POINTS 1 1 END
  FILLED true
  STYLE
  	50 56
  END
END
------

With that symbol, mapserver always crash.
However, if I set the following STYLE, it don't crash :
STYLE
   50 55
END

I scan through the code and the error come from mapgd.c, in the
function "msDrawLineSymbolGD".  Nearly at the end of the function,
there is the following code :
---
    int k=0, sc;

    sc = fc; /* start with foreground color */
    for(i=0; i<symbol->stylelength; i++)
    {
      for(j=0; j<symbol->style[i]; j++)
      {
        styleDashed[k] = sc;
        k++;
      }
      if(sc==fc) sc = bc;
      else sc = fc;

    }
----
(format may differ)

Problem is because styleDashed is declare : "int styleDashed[100];"

I don't know why it work for k = 105 (style 50 55)  when the array is
declare to be 100 elements, but it crash when k = 106.

I declared the array to 200 elements and mapserver didn't crash.

Is anybody know why that array was declared to be only 100 elements.

I'm not a pro in c programming, but I'm pretty sure that there is a
way to allocate space in the array dynamically depending on the style
declaration of the mapfile with malloc.  Is there any reason why it
was not implemented with malloc at the beggining ?

Thank you,
-Mathieu Bertrand