[mapserver-users] shp2img: double free or corruption
Wendell Turner
wendell at enflight.com
Tue Jul 20 06:46:31 PDT 2010
On Fri, Jul 16, 2010 at 06:38:53PM +0000, Wendell Turner wrote:
> I just upgraded from mapserver 5.4.1 to 5.6.5 and now
> shp2img gets this:
>
> *** glibc detected *** shp2img: double free or corruption (fasttop): 0x095b78b0 ***
> ======= Backtrace: =========
> /lib/libc.so.6[0xb550f1]
> /lib/libc.so.6(cfree+0x90)[0xb58bc0]
> shp2img[0x8050f06]
> /lib/libc.so.6(__libc_start_main+0xdc)[0xb01e8c]
> shp2img[0x8050601]
> ======= Memory map: ========
>
> Any clues as to what is going on?
It occurs when multiple layers are listed. It appears that
in shp2img.c, while looping through the '-l' argument list,
the name of a (possibly bad) layer is remembered via:
invalid_layer = strdup(layers[j]);
If that layer is found later, the string is freed with
if (invalid_layer)
free(invalid_layer);
which causes the double free error.
It seems that all the loop needs to do is remember the index
of the list, not a strdup of the string. Doing that
seems to work, and eliminates the double free problem.
The patch below works for me.
Wendell
===============================================================
--- shp2img.c-strdup 2009-11-04 13:53:23.000000000 +0000
+++ shp2img.c 2010-07-20 13:38:39.000000000 +0000
@@ -43,7 +43,7 @@
int num_layers=0;
int layer_found=0;
- char *invalid_layer=NULL;
+ int invalid_layer = -1;
char *outfile=NULL; /* no -o sends image to STDOUT */
@@ -263,18 +263,14 @@
break;
}
else {
- if (invalid_layer)
- free(invalid_layer);
- invalid_layer = strdup(layers[j]);
+ invalid_layer = j;
}
}
if (layer_found==0) {
- fprintf(stderr, "Layer (-l) %s not found\n", invalid_layer);
+ fprintf(stderr, "Layer (-l) %s not found\n", layers[invalid_layer]);
msCleanup();
exit(0);
}
- if (invalid_layer)
- free(invalid_layer);
}
for(j=0; j<map->numlayers; j++) {
===============================================================
More information about the MapServer-users
mailing list