fix segfault on WFS filters with empty Literals

[tomkralidis]

Testing for 'not empty' literals returns 500 / segfault on 7.0.2. Worked in 6.4.x:

gdb --args mapserv  "QUERY_STRING=map=/tmp/foo.map&version=1.1.0&service=WFS&request=GetFeature&typename=totalozoneobs&filter=<Filter><PropertyIsNotEqualTo><PropertyName>platform_type</PropertyName><Literal></Literal></PropertyIsNotEqualTo></Filter>&maxfeatures=1"
GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from mapserv...(no debugging symbols found)...done.
(gdb) r
Starting program: /usr/bin/mapserv QUERY_STRING=map=/tmp/foo.map\&version=1.1.0\&service=WFS\&request=GetFeature\&typename=totalozoneobs\&filter=\<Filter\>\<PropertyIsNotEqualTo\>\<PropertyName\>platform_type\</PropertyName\>\<Literal\>\</Literal\>\</PropertyIsNotEqualTo\>\</Filter\>\&maxfeatures=1
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
strlen () at ../sysdeps/x86_64/strlen.S:106
106     ../sysdeps/x86_64/strlen.S: No such file or directory.
(gdb) bt
#0  strlen () at ../sysdeps/x86_64/strlen.S:106
#1  0x00007ffff79db8f7 in msPostGISLayerTranslateFilter () from /usr/lib/x86_64-linux-gnu/libmapserver.so.2
#2  0x00007ffff79fb87e in msLayerWhichShapes () from /usr/lib/x86_64-linux-gnu/libmapserver.so.2
#3  0x00007ffff7a1d851 in msQueryByFilter () from /usr/lib/x86_64-linux-gnu/libmapserver.so.2
#4  0x00007ffff7a3b918 in FLTLayerApplyPlainFilterToLayer () from /usr/lib/x86_64-linux-gnu/libmapserver.so.2
#5  0x00007ffff7a77e61 in ?? () from /usr/lib/x86_64-linux-gnu/libmapserver.so.2
#6  0x00007ffff7a7c2b7 in msWFSDispatch () from /usr/lib/x86_64-linux-gnu/libmapserver.so.2
#7  0x00007ffff79ae249 in msOWSDispatch () from /usr/lib/x86_64-linux-gnu/libmapserver.so.2
#8  0x00007ffff79b6d5d in msCGIDispatchRequest () from /usr/lib/x86_64-linux-gnu/libmapserver.so.2
#9  0x0000000000401357 in main ()

[sdlime]

What's the underlying layer type for totalozoneobs?

[tomkralidis]

PostgreSQL/PostGIS

[sdlime]

Can you post (or send me) foo.map?

[tomkralidis]

@sdlime minimal test map:

foo.map

MAP
 NAME "sample"
 STATUS ON
 SIZE 600 400
 EXTENT -180 -90 180 90
 IMAGECOLOR 255 255 255
 PROJECTION
  "init=epsg:4326"
 END
 WEB
  METADATA
   "ows_onlineresource" "http://localhost/ows"
   "ows_enable_request" "*"
  END
 END
 LAYER
  NAME 'foo'
  TYPE POINT
  STATUS DEFAULT
  CONNECTION "host=localhost dbname=foo user=foopassword=foo"
  CONNECTIONTYPE POSTGIS
  PROCESSING "CLOSE_CONNECTION=DEFER"
 END
END

Sample request based on above test case:

mapserv "QUERY_STRING=map=/tmp/foo.map&version=1.1.0&service=WFS&request=GetFeature&typename=foo&filter=<Filter><PropertyIsNotEqualTo><PropertyName>station_name</PropertyName><Literal></Literal></PropertyIsNotEqualTo></Filter>&maxfeatures=1"

[sdlime]

Beautiful, thank you...

[tomkralidis]

Weird, on another box I'm unable to reproduce (works fine) against either master or branch-7-0.

Ah, ok. Digging deeper, it appears that this bug manifests on systems where strlen is not available. And/or NULL is being passed to strlen.

[tomkralidis]

I tested this again just now, it turns out the CSV minimal case does indeed work so it looks like a PostGIS string handling issue when someone passes ....<Literal></Literal>, which I am guessing is NULL and causes the issue.

[sdlime]

So what systems typically don't have strlen available?

---

From: Tom Kralidis [notifications@github.com]
Sent: Thursday, November 10, 2016 6:29 PM
To: mapserver/mapserver
Cc: Lime, Steve D (MNIT); Mention
Subject: Re: [mapserver/mapserver] fix segfault on WFS filters with empty Literals (#5347)

Weird, on another box I'm unable to reproduce (works fine) against either master or branch-7-0.

Ah, ok. Digging deeper, it appears that this bug manifests on systems where strlen is not available.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHubhttps://github.com//issues/5347#issuecomment-259848838, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ABhm-y-85BrnoVj-30dUEtzVjAL_cq_hks5q87brgaJpZM4KuvxB.

[tomkralidis]

@sdlime from further testing (see my updated comments in this ticket, which likely do not get emailed to you as updates). The strlen error message may be a false positive. It's indeed a mappostgis.c specific issue of handling NULL <Literal> values as part of filter translation.

[rouault]

Fixed per rouault@4cb057c