Skip to content

LABEL ENCODING crashes mapserv on Windows (msSmallMalloc) #5025

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
jmckenna opened this issue Oct 23, 2014 · 5 comments
Closed

LABEL ENCODING crashes mapserv on Windows (msSmallMalloc) #5025

jmckenna opened this issue Oct 23, 2014 · 5 comments

Comments

@jmckenna
Copy link
Member

  • display of Japanese characters using LABEL ENCODING works fine with MapServer 6.4.1, but crashes with 6.5-dev (master)
  • example CLASS:
    CLASS
      NAME "’n–¼"
      STYLE
        COLOR 10 100 100
      END
      LABEL
        TYPE TRUETYPE
        FONT pgothic
        COLOR 220 20 20
        SIZE 7
        POSITION CL
        PARTIALS FALSE
        BUFFER 3
        ENCODING "SHIFT_JIS"
      END
    END

  Invalid allocation size: 4294967250 bytes

    Problem signature:
      Problem Event Name:   APPCRASH
      Application Name: mapserv.exe
      Application Version:  0.0.0.0
      Application Timestamp:    54454777
      Fault Module Name:    MSVCR90D.dll
      Fault Module Version: 9.0.30729.6161
      Fault Module Timestamp:   4dace5bb
      Exception Code:   80000003
      Exception Offset: 000d019d
      OS Version:   6.0.6002.2.2.0.768.2
      Locale ID:    1033
      Additional Information 1: 208f
      Additional Information 2: d97bf87abd29e32d3769b286c3111974
      Additional Information 3: 615d
      Additional Information 4: 440a56d5f2646b6a70c80f30bcbf29cb

  • opening in Visual Studio 2008 debugger, the debugger stops at:

    dbgheap.c

    line 409 (with arrow):

                  /* Diagnostic memory allocation from this point on */

              if (nSize > (size_t)(_HEAP_MAXREQ - nNoMansLandSize - sizeof(_CrtMemBlockHeader)))
              {
           -->   _RPT1(_CRT_ERROR, "Invalid allocation size: %Iu bytes.\n", nSize);
                  *errno_tmp = ENOMEM;
              }

  • which is called by maputil.c I believe, at line# 2298

       pReturn = malloc( nSize );

  • the call stack at that point is:

     msvcr90d.dll!_heap_alloc_dbg_impl(unsigned int nSize=4294967250, int nBlockUse=1, const char * szFileName=0x00000000, int nLine=0, int * errno_tmp=0x00d9e7e0)  Line 409 + 0x1e bytes  C++
    msvcr90d.dll!_nh_malloc_dbg_impl(unsigned int nSize=4294967250, int nhFlag=0, int nBlockUse=1, const char * szFileName=0x00000000, int nLine=0, int * errno_tmp=0x00d9e7e0)  Line 239 + 0x19 bytes  C++
    msvcr90d.dll!_nh_malloc_dbg(unsigned int nSize=4294967250, int nhFlag=0, int nBlockUse=1, const char * szFileName=0x00000000, int nLine=0)  Line 296 + 0x1d bytes   C++
    msvcr90d.dll!malloc(unsigned int nSize=4294967250)  Line 56 + 0x15 bytes    C++
    mapserver.dll!msSmallMalloc(unsigned int nSize=4294967250)  Line 2298 + 0xc bytes   C
    mapserver.dll!msLayoutTextSymbol(mapObj * map=0x04880880, textSymbolObj * ts=0x048ecfe8, textPathObj * tgret=0x0488eca0)  Line 491 + 0xc bytes  C
    mapserver.dll!msComputeTextPath(mapObj * map=0x04880880, textSymbolObj * ts=0x048ecfe8)  Line 174 + 0x11 bytes  C
    mapserver.dll!msDrawLabelCache(mapObj * map=0x04880880, imageObj * image=0x048ae5e0)  Line 2836 + 0xd bytes C
    mapserver.dll!msDrawMap(mapObj * map=0x04880880, int querymap=0)  Line 415 + 0xd bytes  C
    mapserver.dll!msCGIDispatchImageRequest(mapservObj * mapserv=0x0487f2b8)  Line 1506 + 0xe bytes C
    mapserver.dll!msCGIDispatchRequest(mapservObj * mapserv=0x0487f2b8)  Line 1793 + 0x9 bytes  C
    mapserv.exe!main(int argc=3, char * * argv=0x04971348)  Line 275 + 0x9 bytes    C
    mapserv.exe!__tmainCRTStartup()  Line 586 + 0x19 bytes  C
    mapserv.exe!mainCRTStartup()  Line 403  C
    kernel32.dll!7773d3c9()     
    [Frames below may be incorrect and/or missing, no symbols loaded for kernel32.dll]  
    ntdll.dll!778a1603()    
    ntdll.dll!778a15d6()    
    gdal200.dll!swq_expr_node::Check(swq_field_list * poFieldList=0x0008000b, int bAllowFieldsInSecondaryTables=66048)  Line 237 + 0x7 bytes    C++
@msmitherdc
Copy link
Contributor

I can confirm i get a similar error on linux using b762546

mapserv -nh "QUERY_STRING=MAP=example.map&MODE=map&LAYERS=all"
msSmallMalloc(): Out of memory allocating -184 bytes.

rouault added a commit to rouault/mapserver that referenced this issue Oct 24, 2014
@rouault
Fix wrong use of iconv() that caused encoded_text pointer to be moved…
084be4d 
… and corrupted (MapServer#5025)
rouault added a commit to rouault/mapserver that referenced this issue Oct 24, 2014
@rouault
msLayoutTextSymbol(): fix memory corruption in case of failed iconv() (
5b2c46a 
…MapServer#5025)
@rouault
Copy link
Contributor

rouault commented Oct 24, 2014

@tbonfort Are you ok with the above 2 commits (in a bugfix branch for now) ? Looking at coveralls, the recoding code path isn't currently tested by msautotest

@jmckenna
Copy link
Member Author

Verified that the initial change fixes the issue for me. Thanks @rouault !!!! @msmitherdc the test zip was updated, i was missing some font files.

@rouault
Copy link
Contributor

rouault commented Nov 4, 2014

Above 2 commits merged into master. Test case would still be great to add into msautotest

@jmckenna
Copy link
Member Author

jmckenna commented Nov 4, 2014

Verified with master. Thanks!

@jmckenna jmckenna closed this as completed Nov 4, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@msmitherdc @rouault @jmckenna