<div dir="ltr"><div>I think I've discovered two causes of crashes...<br></div><br>First, one with the KML driver...<br><div><div><br>msDrawQueryLayer creates and draws a temporary layer here:<br><a href="https://github.com/mapserver/mapserver/blob/3e8aa5a4d92c9bad105306ebe5117ed29d2b0e7c/mapdraw.c#L1205" target="_blank">https://github.com/mapserver/mapserver/blob/3e8aa5a4d92c9bad105306ebe5117ed29d2b0e7c/mapdraw.c#L1205</a><br>The KML renderer sets a reference to the temporary layer here:<br><a href="https://github.com/mapserver/mapserver/blob/3e8aa5a4d92c9bad105306ebe5117ed29d2b0e7c/mapkmlrenderer.cpp#L371" target="_blank">https://github.com/mapserver/mapserver/blob/3e8aa5a4d92c9bad105306ebe5117ed29d2b0e7c/mapkmlrenderer.cpp#L371</a><br>msDrawQueryLayer later calls msDrawShape here:<br><a href="https://github.com/mapserver/mapserver/blob/3e8aa5a4d92c9bad105306ebe5117ed29d2b0e7c/mapdraw.c#L1295" target="_blank">https://github.com/mapserver/mapserver/blob/3e8aa5a4d92c9bad105306ebe5117ed29d2b0e7c/mapdraw.c#L1295</a><br>which eventually results in a call to KmlRenderer::renderGlyphs<br><a href="https://github.com/mapserver/mapserver/blob/3e8aa5a4d92c9bad105306ebe5117ed29d2b0e7c/mapkmlrenderer.cpp#L693" target="_blank">https://github.com/mapserver/mapserver/blob/3e8aa5a4d92c9bad105306ebe5117ed29d2b0e7c/mapkmlrenderer.cpp#L693</a><br>which gets to KmlRenderer::createPlacemarkNode and reuses that reference that was set:<br><a href="https://github.com/mapserver/mapserver/blob/3e8aa5a4d92c9bad105306ebe5117ed29d2b0e7c/mapkmlrenderer.cpp#L585" target="_blank">https://github.com/mapserver/mapserver/blob/3e8aa5a4d92c9bad105306ebe5117ed29d2b0e7c/mapkmlrenderer.cpp#L585</a><br>even though that temporary layer was freed earlier, leading to the crash.<br><br></div><div>And one with WMS:<br><br>It crashes around here:<br><a href="https://github.com/mapserver/mapserver/blob/3e8aa5a4d92c9bad105306ebe5117ed29d2b0e7c/mapdraw.c#L106" target="_blank">https://github.com/mapserver/mapserver/blob/3e8aa5a4d92c9bad105306ebe5117ed29d2b0e7c/mapdraw.c#L106</a><br></div><div>Probably due to trying to setting NULL->map... That error message should probably be moved before that line.<br></div></div></div>