<br><font size=2 face="sans-serif">Hello list-members, hello Fernando Simon</font>
<br>
<br><font size=2 face="sans-serif">We are using Mapserver with Java/Oracle
and found crashes (of the whole VM) in some </font>
<br><font size=2 face="sans-serif">calls of layerObj.getFeature(int shapeindex,
int tileindex);</font>
<br>
<br><font size=2 face="sans-serif">As far as I can see, the crashes occur
when the queried SDO_Geometry has value null.</font>
<br>
<br><font size=2 face="sans-serif">Digging in maporaclespatial.c /msOracleSpatialLayerGetShape:
</font>
<br><font size=2 face="sans-serif">Line 2155 (in Version 4.10.0)</font>
<br><font size=2 face="sans-serif">
success = TRY( hand, OCIDefineByPos( dthand->stmthp, &items[i],
.....</font>
<br><font size=2 face="sans-serif">(where i is index over selected columns)</font>
<br>
<br><font size=2 face="sans-serif">The array "items" is allocated
and initialized with only one element. Therefore &items[i] is a pointer
to </font>
<br><font size=2 face="sans-serif">arbitrary memory for i > 0. This
seems to cause the crash.</font>
<br>
<br><font size=2 face="sans-serif">Changed the code in the obvious way:</font>
<br><font size=2 face="sans-serif">- items declared as </font>
<br><font size=2 face="sans-serif"> OCIDefine
**items;</font>
<br><font size=2 face="sans-serif">- allocation:</font>
<br><font size=2 face="sans-serif"> items =
calloc(sizeof(OCIDefine*),layer->numitems); </font>
<br>
<br><font size=2 face="sans-serif">The crashes we detected disappeared.
No harmful side-effects found.</font>
<br>
<br><font size=2 face="sans-serif">Cleaning of the allocated memory is
still needed. (As far as I can see memory cleaning is also</font>
<br><font size=2 face="sans-serif">missing for the variable nullind.)</font>
<br>
<br><font size=2 face="sans-serif">Same problem in msOracleSpatialLayerGetExtent.</font>
<br>
<br><font size=2 face="sans-serif">Greetings</font>
<br><font size=2 face="sans-serif">Benedikt</font>
<br>
<br>
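Added example, not MapServer code and not part of the message above: a stand-alone C illustration of the per-column allocation the message describes, together with the cleanup it says is still missing. `define_handle`, `define_by_pos`, `define_all_columns` and the `short` element type of `nullind` are assumptions made for the illustration; no OCI library is used.

```c
#include <stdlib.h>

/* Hypothetical stand-in for the opaque OCIDefine handle. */
typedef struct define_handle { int pos; } define_handle;

/* Hypothetical stand-in for the define call: like OCIDefineByPos in the
 * message, it stores a handle pointer in the slot passed by address. */
static int define_by_pos(define_handle **slot, define_handle *pool, int i)
{
    pool[i].pos = i + 1;          /* column positions are 1-based here */
    *slot = &pool[i];
    return 1;
}

/* Defines numitems columns with one slot per column and frees every
 * allocation on all paths. Returns columns defined, or -1 on error. */
int define_all_columns(int numitems)
{
    define_handle **items = NULL, *pool = NULL;
    short *nullind = NULL;        /* assumed: one NULL indicator per column */
    int i, defined = -1;

    if (numitems <= 0)
        return -1;

    /* calloc(count, size): zeroed slots, and the multiplication is checked. */
    items = calloc((size_t)numitems, sizeof *items);
    nullind = calloc((size_t)numitems, sizeof *nullind);
    pool = calloc((size_t)numitems, sizeof *pool);
    if (items == NULL || nullind == NULL || pool == NULL)
        goto cleanup;

    for (i = 0; i < numitems; i++)
        if (!define_by_pos(&items[i], pool, i))   /* &items[i] is in bounds */
            goto cleanup;

    /* Every slot must still hold its own handle after all defines ran. */
    for (defined = 0, i = 0; i < numitems; i++)
        if (items[i] != NULL && items[i]->pos == i + 1)
            defined++;

cleanup:
    free(pool);
    free(nullind);
    free(items);
    return defined;
}
```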