Fix illegal use of stack-allocated objects in maprendering
pointObj and lineObj defined in the else block in msDrawLabelBounds()
are valid only in the "else" block context. Once outside (e.g. in the
"return msDrawShadeSymbol()"), the variables should not be considered
valid anymore; in some cases it led to underlying calls to
msSmallAlloc() with a negative integer, resulting in an "unable to
allocate memory" error.

The first version of this patch extracted the pointObj / lineObj variables
just before the "if" call; the current one was proposed by @gberaudo.
pmauduit committed Jul 3, 2014
1 parent 0c573e4 commit f7772c3
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions maprendering.c
Expand Up @@ -975,6 +975,7 @@ int msDrawLabelBounds(mapObj *map, imageObj *image, label_bounds *bnds, styleObj
shape.numlines = 1;
if(bnds->poly) {
shape.line = bnds->poly;
return msDrawShadeSymbol(map,image,&shape,style,scalefactor);
} else {
pointObj pnts1[5];
lineObj l;
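Review bot: the `return msDrawShadeSymbol(map,image,&shape,style,scalefactor);` added in the `if(bnds->poly)` branch duplicates the call that the else branch also makes, even though this branch only stores `bnds->poly` in `shape.line` and declares no block-local objects. Declaring `pnts1` and `l` at function scope, before the `if`, would keep a single call site after the if/else and make the early return here unnecessary.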
Expand All @@ -984,9 +985,9 @@ int msDrawLabelBounds(mapObj *map, imageObj *image, label_bounds *bnds, styleObj
pnts1[2].x = pnts1[3].x = bnds->bbox.maxx;
pnts1[0].y = pnts1[3].y = pnts1[4].y = bnds->bbox.miny;
pnts1[1].y = pnts1[2].y = bnds->bbox.maxy;
shape.line = &l;
shape.line = &l; // must return from this block
return msDrawShadeSymbol(map,image,&shape,style,scalefactor);
}
return msDrawShadeSymbol(map,image,&shape,style,scalefactor);
}

int msDrawTextSymbol(mapObj *map, imageObj *image, pointObj labelPnt, textSymbolObj *ts)
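Review bot: the comment on `shape.line = &l;` says the block must return but not why, so a later cleanup could merge the two identical returns back into one after the if/else and reintroduce the dangling pointer. State the reason in the comment, for example that `l` and `pnts1` are local to the else block and `shape.line` must not be used after its closing brace.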