[mapserver-dev] Re: [mapserver-users] mapserver 5.0.2 segv using AGG

Stephen Woodbridge woodbri at swoodbridge.com
Wed Apr 16 15:20:07 EDT 2008 

Moving this to the dev list ...

As a follow up to this it is reproducible on the current nightly tarball 
also.

So in mapgd.c lines 3595+ are:

         gdPImg = 
gdImageCreatePaletteFromTrueColor(img,dither,colorsWanted);
         /* It seems there is a bug in gd 2.0.33 and earlier that leaves the
          colors open[] flag set to one. */
         for( i = 0; i < gdPImg->colorsTotal; i++ )
             gdPImg->open[i] = 0;
         gdImagePngCtx( gdPImg, ctx );
         gdImageDestroy( gdPImg );

It looks like the call to gdImageCreatePaletteFromTrueColor() is 
returning NULL and mapserver is not checking and dealing with this 
condition and passing gdPImg as a NULL pointer to gdImagePngCtx( gdPImg, 
ctx ); which is causing a SEGV when it is accessed.

Running with packages on Debian Etch:

libgd2-noxpm/stable uptodate 2.0.33-5.2
libgd2-noxpm-dev/stable uptodate 2.0.33-5.2

I also ran into this same problem in brief experience with Fedora 8.

-Steve W


Stephen Woodbridge wrote:
> Hi all,
> 
> Is this a known problem? I did could not find a ticket for it. I'm 
> trying the nightly build next.
> 
> -Steve
> 
> woodbri at maps:/u/woodbri/work/mapserver-5.0.2$ gdb mapserv
> GNU gdb 6.4.90-debian
> Copyright (C) 2006 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you 
> are
> welcome to change it and/or distribute copies of it under certain 
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for details.
> This GDB was configured as "x86_64-linux-gnu"...Using host libthread_db 
> library "/lib/libthread_db.so.1".
> 
> (gdb) run 
> QUERY_STRING='map=%2Fu%2Fdata%2Fmaps%2Fgoogle-agg.map&layers=all&map_imagetype=agg%2Fpng24&mode=map&mapext=-88.20558679540737+41.41346751789421+-87.09441320459264+42.28653248210579&imgext=-88.20558679540737+41.41346751789421+-87.09441320459264+42.28653248210579&map_size=700+550&imgx=350&imgy=275&imgxy=700+550' 
>  > a
> Starting program: /u/woodbri/work/mapserver-5.0.2/mapserv 
> QUERY_STRING='map=%2Fu%2Fdata%2Fmaps%2Fgoogle-agg.map&layers=all&map_imagetype=agg%2Fpng24&mode=map&mapext=-88.20558679540737+41.41346751789421+-87.09441320459264+42.28653248210579&imgext=-88.20558679540737+41.41346751789421+-87.09441320459264+42.28653248210579&map_size=700+550&imgx=350&imgy=275&imgxy=700+550' 
>  > a
> [Thread debugging using libthread_db enabled]
> [New Thread 47982973225104 (LWP 20007)]
> warning: Lowest section in /usr/lib/libicudata.so.36 is .hash at 
> 0000000000000120
> 
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 47982973225104 (LWP 20007)]
> 0x00002ba3e360e733 in gdImagePngCtxEx () from /usr/lib/libgd.so.2
> (gdb) where
> #0  0x00002ba3e360e733 in gdImagePngCtxEx () from /usr/lib/libgd.so.2
> #1  0x0000000000453bb3 in msSaveImageGDCtx (img=0x738040, ctx=0x6c1a90,
>     format=0x6247a0) at mapgd.c:3602
> #2  0x0000000000453d3e in msSaveImageGD (img=0x738040,
>     filename=<value optimized out>, format=0x6247a0) at mapgd.c:3543
> #3  0x0000000000454886 in msSaveImageAGG (img=0x738040, filename=0x0,
>     format=0x6247a0) at mapagg.cpp:2194
> #4  0x0000000000428f5b in msSaveImage (map=0x61d560, img=0x738000,
>     filename=0x0) at maputil.c:604
> #5  0x000000000040e8d4 in main (argc=<value optimized out>,
>     argv=<value optimized out>) at mapserv.c:1580
> (gdb) q
> _______________________________________________
> mapserver-users mailing list
> mapserver-users at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapserver-users

More information about the mapserver-dev mailing list