[mapserver-dev] Wired behavior of msOWSGetEPSGProj()

Eichner, Andreas - SID Andreas.Eichner at sid.sachsen.de
Fri Mar 13 04:24:08 PDT 2015

Hello gurus,

due to an issue asked on the mapserver-users list I stumbled upon strange behavior of msOWSGetEPSGProj() from mapows.c. To me it looks as if it returns a pointer to a character buffer on the local stack frame:

const char *msOWSGetEPSGProj(projectionObj *proj, hashTableObj *metadata, const char *namespaces, int bReturnOnlyFirstOne)
  static char epsgCode[20] ="";
  char *value;


    if ((value=strchr(epsgCode, ' ')) != NULL) *value = '\0';

    return epsgCode;

I guess the correct way would be to copy the buffer into an malloc'ed one. But then the caller needs to free the buffer and there are lots of...

The only reason why this works in most cases might be that most (if not all) users of this function copy the result into another buffer before overwriting the stack. But that's unsafe an dangerous :(

Any oppinions on that and how to deal with it?

Kind regards

More information about the mapserver-dev mailing list