Improved numerical validation.#6458
Conversation
This reverts commit 7d261af.
…e (matches Cairo approach).
mapfile.c
Outdated
| if((symbol = getSymbol(2, MS_NUMBER,MS_BINDING)) == -1) return(-1); | ||
| if(symbol == MS_NUMBER) { | ||
| label->shadowsizex = (int) msyynumber; | ||
| label->shadowsizex = (int) msyynumber; // TODO > 0 |
There was a problem hiding this comment.
Are these TODOs due to complications around adding in the checks in these cases?
In similar cases below they are commented "ok?"
There was a problem hiding this comment.
No, this is an oversight on my part - forgot to resolve the "TODO". Will update...
| case(SIZE): | ||
| if(getInteger(&(ref->width)) == -1) return(-1); | ||
| if(getInteger(&(ref->height)) == -1) return(-1); | ||
| if(getInteger(&(ref->width), MS_NUM_CHECK_RANGE, 5, ref->map->maxsize) == -1) return(-1); // is 5 reasonable? |
There was a problem hiding this comment.
Should the minimum values of 5 be added to https://mapserver.org/mapfile/reference.html#mapfile-reference-size ?
There was a problem hiding this comment.
Yes. Once there is agreement that that's the appropriate value. It seemed reasonable to me...
| case(ANGLE): { | ||
| double rotation_angle; | ||
| if(getDouble(&(rotation_angle)) == -1) return MS_FAILURE; | ||
| if(getDouble(&(rotation_angle), MS_NUM_CHECK_RANGE, -360, 360) == -1) return MS_FAILURE; |
There was a problem hiding this comment.
Can a https://mapserver.org/mapfile/map.html#mapfile-map-angle MAP->ANGLE have a negative value?
There was a problem hiding this comment.
I believe so - I mean it makes sense to me. @tbonfort, what do you think?
| int loadQueryMap(queryMapObj *querymap) | ||
| int loadQueryMap(queryMapObj *querymap, mapObj *map) | ||
| { | ||
| querymap->map = (mapObj *)map; |
There was a problem hiding this comment.
Could there be any issues with adding the map as a property to the querymap? Would it be safer to pass in the maxsize and minsize values directly to this function?
There was a problem hiding this comment.
We use the same approach with other objects (e.g. layer, scalebar) where there is an opaque pointer back to the parent so this should be ok I'd think so I was sticking to that pattern. Maybe @rouault has an opinion on this practice.
| msyylex(); | ||
|
|
||
| if(getDouble(&(rotation_angle)) == -1) break; | ||
| if(getDouble(&(rotation_angle), MS_NUM_CHECK_RANGE, -360, 360) == -1) break; |
There was a problem hiding this comment.
As above, I was unaware you could use negative angles (to presumably set anti-clockwise rotation?)
There was a problem hiding this comment.
Would be good to get confirmation from @tbonfort but this should be ok and should be easy to test.
| #ifdef SWIG | ||
| %immutable; | ||
| #endif /* SWIG */ | ||
| struct mapObj *map; ///< Reference to parent :class:`mapObj` |
There was a problem hiding this comment.
May not be required if only used to get the min and max size when loading the map (see comment above).
| #define MS_SCALEBAR_INTERVALS_MIN 1 | ||
| #define MS_SCALEBAR_INTERVALS_MAX 100 | ||
|
|
||
| #define MS_SCALEBAR_WIDTH_MIN 5 |
There was a problem hiding this comment.
Docs to udpate at https://mapserver.org/mapfile/scalebar.html#mapfile-scalebar-size
There was a problem hiding this comment.
Yes, once values are confirmed.
| /* legendObj */ | ||
| /************************************************************************/ | ||
|
|
||
| #define MS_LEGEND_KEYSIZE_MIN 5 |
There was a problem hiding this comment.
Docs to update at https://mapserver.org/mapfile/legend.html
There was a problem hiding this comment.
Yes, once values are confirmed.
|
@sdlime - looks good to me, and any validation that can be done at the Mapfile parsing stage will save a lot of pain later on. I ran on a couple of large Mapfiles I have here, and hit the error message Do you expect parsing speeds to be impacted in any way? I can try and test that here to see. Finally I can look at making a docs pull request with the min/max values for various keywords if that helps. |
|
@geographika, I'm not anticipating any significant impact on parsing speed. If you have the opportunity to validate then that would be great. In the big scheme of things additions like the config file will have a more significant affect - especially for straight CGI execution. In terms of things like WIDTH 0, I wrestled with handling default values when I worked through this. I did do some testing when writing mapfiles via MapScript to make sure that default values weren't being written routinely. I mean, we wouldn't want MapServer to barf reading a mapfile that was written by MapServer. That doesn't seem to be the case here and we can recommend commenting things out rather than using a value like 0. That said, we could conditionally allow default values in a few cases if something like WIDTH 0 is pretty commonplace - recommended in the docs or whatever. --Steve |
…d clarifying comments in loadColor(). Resolved a couple of TODO comments.
|
I think I got things resolved (except for docs)... Please let me know about merging. --Steve |
|
This will be a candidate for backport to 7.6 but I think we should wait until some 8.0 testing happens. |
|
@sdlime - do you want me to update the docs? I'm also going to update mappyfile to include the min/max values so can do both at the same time. |
That would be great! |
|
re: backport: I'd also prefer getting feedback through main branch first (will do tests with MS4W today) re: docs: I'd like to see us getting back to filing an associated ticket in the documentation repository, for each new feature: the benefit is that the docs team will test each new feature, while adding the docs. This also is a way to keep track of what is missing in the docs. |
|
As a user I'd say that this change (much as I find it a good thing (TM)) shouldn't be backported - it's a change that could break existing installations. Yes, those are installations with "invalid" mapfiles, but if they weren't sufficiently invalid that they couldn't be used then it would be rude to introduce what is effectively a breaking change in a minor (or even bugfix) release. |
|
I agree with you @ejn |
|
@sdlime something bizarre is happening locally for me, sorry if this sounds like a crazy question: could the output of map2img's |
|
No, the various debug settings are unaffected. This is actually an oversight since if debug is given as a number then it should be checked as well but the code in mapfile.c uses getSymbol() so I missed it. I can patch that... Anyway, map2img is setting map->debug directly, apart from what's in the mapfile so these changes have no bearing on that. I'm happy to try on my end if you have a test case. |
|
Ok thanks, makes sense. I'll take a deeper look and see if it was something on my end (likely) first. |
|
@sdlime solved, it was on my end. Will continue testing this... |
|
@Steve can something be done to include a line number in the error message? For example, a mapfile with 30 entries of Or is this a huge can of worms, for another day? |
No, this can be addressed in the error handling. That said, we could also test for >= 0 if width=0 is a common setting (the default width is 1). @geographika has a ticket #6463 that is documenting some exceptions we'll need to address. Perhaps you could add this there so it's all in one spot. |
* Refactor validation of numeric content read from the mapfile. * Updated create image function with guard to ensure positive image size (matches Cairo approach).
| /************************************************************************/ | ||
|
|
||
| #define MS_LEGEND_KEYSIZE_MIN 5 | ||
| #define MS_LEGEND_KEYSIZE_MAX 200 |
There was a problem hiding this comment.
I'm currently migrating from MS 7.6 to 8.0 and I have a problem with this limitation: So far I could provide legends consisting of a PNG like this:
LEGEND
KEYSIZE 216 216
KEYSPACING 7 7
STATUS ON
END
CLASS
KEYIMAGE "./inspire_lbgr/symbol/legende-sorption_matrix.png"
NAME " "
END
Is there anything against raising the limit to 1000?
6 participants
Implements a common approach to validating numerical values read from the mapfile at parse time. Meant to complement runtime validation done throughout the code. Review and additions most welcome.