
Fix: Memory leaks in config and landing page fixes #7385

Merged: jmckenna merged 4 commits into MapServer:main from geographika:asan-fix on Nov 13, 2025

@geographika
Member

Fix for following asan errors (see #7384):

==36744==ERROR: AddressSanitizer: stack-use-after-scope on address 0x70caa8900020 at pc 0x70cab821f96f bp 0x7ffcf1eb86e0 sp 0x7ffcf1eb7e88
READ of size 12 at 0x70caa8900020 thread T0
    #0 0x70cab821f96e in strlen ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:391
    #1 0x70cab2e84613 in pcre2_regexec (/lib/x86_64-linux-gnu/libpcre2-posix.so.3+0x1613) (BuildId: 82e51d62e96715f491183a56806553d062ba132c)
    #2 0x70cab7298236 in ms_regexec /src/src/mapregex.c:93
    #3 0x70cab72a3e28 in msEvalRegex /src/src/mapfile.c:149
    #4 0x70cab72e3c3d in msLoadMap /src/src/mapfile.c:7034
    #5 0x70cab6fae932 in msCGILoadMap /src/src/mapservutil.c:271
    #6 0x654190509ce3 in main /src/src/apps/mapserv.c:278
    #7 0x70cab63031c9  (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
    #8 0x70cab630328a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
    #9 0x654190508974 in _start (/src/build/mapserv+0x3974) (BuildId: 6f13b92201bf317acafea77e6371beb751e6d60f)

cc @jmckenna

Comment thread src/mapserv-index.cpp
@jmckenna
Member

jmckenna commented Nov 12, 2025

thanks @geographika I am running the WITH_ASAN tests now locally, with this pull request branch...

@jmckenna
Member

jmckenna commented Nov 12, 2025

  • Unfortunately I missed that now this pull request causes additional test issues (both here in the CI and locally). It is very very difficult now to see the asan and coverage errors in the CI (as I reported earlier, that the builds pass with a big green checkmark for WITH_ASAN and also WITH_COVERAGE, even though both the raw logs here in the CI, and local tests, fail). Now, with the latest changes in this pull request:
  • WITH_COVERAGE (initially 2 other errors were fixed through PR [msautotest] fix CONFIG test errors (for WITH_COVERAGE) #7384) now currently reports the following fails:
============================
2025-11-11T19:36:23.4831175Z FAILED run_test.py::test[index_index_map_landing_missing_txt] - AssertionErro...
2025-11-11T19:36:23.4834290Z FAILED run_test.py::test[index_index_map_landing_missing_html_txt] - Assertio...
2025-11-11T19:36:23.4835036Z =================== 2 failed, 35 passed, 1 warning in 2.79s ====================
  • The ASAN log for index_map_landing_missing.txt :
=================================================================
==36753==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7d3410f00020 at pc 0x7d342084a96f bp 0x7ffd32e055c0 sp 0x7ffd32e04d68
READ of size 14 at 0x7d3410f00020 thread T0
    #0 0x7d342084a96e in strlen ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:391
    #1 0x7d341b4af613 in pcre2_regexec (/lib/x86_64-linux-gnu/libpcre2-posix.so.3+0x1613) (BuildId: 82e51d62e96715f491183a56806553d062ba132c)
    #2 0x7d341f8c3236 in ms_regexec /src/src/mapregex.c:93
    #3 0x7d341f8cee28 in msEvalRegex /src/src/mapfile.c:149
    #4 0x7d341f90ec3d in msLoadMap /src/src/mapfile.c:7034
    #5 0x7d341f5d9932 in msCGILoadMap /src/src/mapservutil.c:271
    #6 0x61842aa55ce3 in main /src/src/apps/mapserv.c:278
    #7 0x7d341e92e1c9  (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
    #8 0x7d341e92e28a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
    #9 0x61842aa54974 in _start (/src/build/mapserv+0x3974) (BuildId: bad9c196132e446a0b8409868949f2356ac51a6f)

Address 0x7d3410f00020 is located in stack of thread T0 at offset 32 in frame
    #0 0x7d341f5d8eb6 in msCGILoadMap /src/src/mapservutil.c:169

  This frame has 1 object(s):
    [32, 1056) 'pathBuf' (line 225) <== Memory access at offset 32 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-scope ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:391 in strlen
Shadow bytes around the buggy address:
  0x7d3410effd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7d3410effe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7d3410effe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7d3410efff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7d3410efff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x7d3410f00000: f1 f1 f1 f1[f8]f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
  0x7d3410f00080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
  0x7d3410f00100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
  0x7d3410f00180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
  0x7d3410f00200: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
  0x7d3410f00280: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==36753==ABORTING
  • The ASAN log for index_map_landing_missing_html.txt :
=================================================================
==36761==ERROR: AddressSanitizer: stack-use-after-scope on address 0x707805200020 at pc 0x707814c0696f bp 0x7ffcd2751910 sp 0x7ffcd27510b8
READ of size 14 at 0x707805200020 thread T0
    #0 0x707814c0696e in strlen ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:391
    #1 0x70780f86b613 in pcre2_regexec (/lib/x86_64-linux-gnu/libpcre2-posix.so.3+0x1613) (BuildId: 82e51d62e96715f491183a56806553d062ba132c)
    #2 0x707813c7f236 in ms_regexec /src/src/mapregex.c:93
    #3 0x707813c8ae28 in msEvalRegex /src/src/mapfile.c:149
    #4 0x707813ccac3d in msLoadMap /src/src/mapfile.c:7034
    #5 0x707813995932 in msCGILoadMap /src/src/mapservutil.c:271
    #6 0x56690ed8ace3 in main /src/src/apps/mapserv.c:278
    #7 0x707812cea1c9  (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
    #8 0x707812cea28a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
    #9 0x56690ed89974 in _start (/src/build/mapserv+0x3974) (BuildId: bad9c196132e446a0b8409868949f2356ac51a6f)

Address 0x707805200020 is located in stack of thread T0 at offset 32 in frame
    #0 0x707813994eb6 in msCGILoadMap /src/src/mapservutil.c:169

  This frame has 1 object(s):
    [32, 1056) 'pathBuf' (line 225) <== Memory access at offset 32 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-scope ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:391 in strlen
Shadow bytes around the buggy address:
  0x7078051ffd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7078051ffe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7078051ffe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7078051fff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7078051fff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x707805200000: f1 f1 f1 f1[f8]f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
  0x707805200080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
  0x707805200100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
  0x707805200180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
  0x707805200200: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
  0x707805200280: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==36761==ABORTING
  • the WITH_ASAN tests failing now are:
2025-11-11T19:35:17.3623824Z =========================== short test summary info ============================
2025-11-11T19:35:17.3624533Z FAILED run_test.py::test[index_kitchensink_index_kitchensink_json] - Assertio...
2025-11-11T19:35:17.3625350Z FAILED run_test.py::test[index_wfs_index_wfs_json] - AssertionError: ("result...
2025-11-11T19:35:17.3626126Z FAILED run_test.py::test[index_index_map_landing_json] - AssertionError: ("re...
2025-11-11T19:35:17.3626960Z FAILED run_test.py::test[index_index_map_landing_no_slash_json] - AssertionEr...
2025-11-11T19:35:17.3627741Z FAILED run_test.py::test[index_index_map_html] - AssertionError: ("results do...
2025-11-11T19:35:17.3628520Z FAILED run_test.py::test[index_index_map_landing_missing_txt] - AssertionErro...
2025-11-11T19:35:17.3629775Z FAILED run_test.py::test[index_index_map_landing_missing_html_txt] - Assertio...
2025-11-11T19:35:17.3630683Z FAILED run_test.py::test[index_ogcapi_index_ogcapi_json] - AssertionError: ("...
2025-11-11T19:35:17.3631729Z FAILED run_test.py::test[hello_world_ms_map_no_path2_conf_success_png] - Attr...
2025-11-11T19:35:17.3632515Z FAILED run_test.py::test[hello_world_ms_no_post_conf_success_png] - Attribute...
2025-11-11T19:35:17.3633303Z FAILED run_test.py::test[index_wms_index_wms_json] - AssertionError: ("result...
2025-11-11T19:35:17.3634084Z FAILED run_test.py::test[index_wms_nocgi_index_wms_nocgi_json] - AssertionErr...
2025-11-11T19:35:17.3634851Z FAILED run_test.py::test[index_wcs_index_wcs_json] - AssertionError: ("result...
2025-11-11T19:35:17.3635530Z =================== 13 failed, 24 passed, 1 warning in 7.11s ===================
  • All of those ASAN logs point to the same stack as the coverage logs: 'pathBuf' etc.

Just in case others want to know how to actually see the errors (deep in the logs) here on the CI:

  1. go to https://github.com/MapServer/MapServer/actions/runs/19276439316/job/55117248612
  2. select the coverage or asan job on left (single click)
  3. now on the right-side, click on the settings/cog icon, and then click "View raw logs"
  4. on the page showing the logs, right-click anywhere on that page and do a CTRL-F and search for: Results don't match

@geographika changed the title from "Fix: Use string copy in getMapFromConfig" to "Fix: Memory leaks in config and landing page fixes" on Nov 13, 2025
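
The ASan reports above place the bad read inside 'pathBuf', a 1024-byte stack object whose scope had already ended when strlen ran. The reduced C model below is an added example, not MapServer code, showing that pattern beside a string-copy fix. The names load_map_buggy, resolve_map_path, load_map_fixed and validate_map_name and the SHOW_BUG switch are hypothetical, and the heap-copy approach is an assumption based on the earlier PR title.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_BUF_LEN 1024 /* size of the [32, 1056) 'pathBuf' object in the report */

/* Hypothetical consumer: in the report the read happens in strlen(). */
static size_t validate_map_name(const char *name) { return strlen(name); }

#ifdef SHOW_BUG /* build with -DSHOW_BUG -fsanitize=address to get this class of report */
size_t load_map_buggy(const char *dir, const char *file) {
  const char *map_file = file;
  if (dir != NULL) {
    char pathBuf[PATH_BUF_LEN]; /* lifetime ends at the closing brace */
    snprintf(pathBuf, sizeof pathBuf, "%s/%s", dir, file);
    map_file = pathBuf; /* pointer into block-scoped storage escapes */
  }
  return validate_map_name(map_file); /* stack-use-after-scope read */
}
#endif

/* Fixed pattern: return a heap copy that outlives the scratch buffer. */
char *resolve_map_path(const char *dir, const char *file) {
  char pathBuf[PATH_BUF_LEN];
  if (dir == NULL || file == NULL) return NULL;
  int n = snprintf(pathBuf, sizeof pathBuf, "%s/%s", dir, file);
  if (n < 0 || (size_t)n >= sizeof pathBuf) return NULL; /* truncated path */
  char *copy = malloc((size_t)n + 1);
  if (copy != NULL) memcpy(copy, pathBuf, (size_t)n + 1);
  return copy; /* caller owns and must free() */
}

size_t load_map_fixed(const char *dir, const char *file) {
  char *map_file = resolve_map_path(dir, file);
  if (map_file == NULL) return 0;
  size_t len = validate_map_name(map_file);
  free(map_file); /* release the copy so the fix does not become a leak */
  return len;
}

int main(void) {
  /* Constructed sample input. */
  printf("%zu\n", load_map_fixed("/maps", "index.map"));
  return 0;
}
```

The free() in load_map_fixed matters as much as the copy: a heap copy that is never released moves the finding from stack-use-after-scope to a leak report.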
@geographika
Member Author

All those errors should now be fixed, and any future issues should now fail the CI once #7386 is merged.

@jmckenna
Member

confirmed locally. thanks @geographika !

@jmckenna merged commit 2715c5d into MapServer:main on Nov 13, 2025
17 checks passed