Permalink
Browse files

Fixing a large number of programming errors found by static analysis

issues found by the coverity scanner, most are memory leaks on error
conditions.
  • Loading branch information...
1 parent 3d174b4 commit 55a568814e701339aa72c3366802ca615a59c64b @tbonfort tbonfort committed Feb 14, 2014
Showing with 1,246 additions and 861 deletions.
  1. +3 −21 cgiutil.c
  2. +0 −1 cgiutil.h
  3. +1 −1 hittest.c
  4. +13 −18 mapagg.cpp
  5. +3 −5 mapcairo.c
  6. +2 −1 mapcontext.c
  7. +4 −0 mapcontour.c
  8. +0 −3 mapcopy.c
  9. +8 −12 mapdebug.c
  10. +39 −18 mapdraw.c
  11. +81 −33 mapfile.c
  12. +5 −5 mapgd.c
  13. +7 −5 mapgeos.c
  14. +24 −4 mapgml.c
  15. +19 −16 mapgraticule.c
  16. +0 −1 maphash.c
  17. +6 −0 maphttp.c
  18. +6 −2 mapimageio.c
  19. +60 −64 mapimagemap.c
  20. +1 −0 mapio.c
  21. +10 −9 mapkmlrenderer.cpp
  22. +7 −2 maplabel.c
  23. +112 −115 maplayer.c
  24. +14 −3 maplegend.c
  25. +5 −7 maplibxml2.c
  26. +1 −1 maplibxml2.h
  27. +29 −24 mapogcfilter.c
  28. +5 −5 mapogcfiltercommon.c
  29. +54 −37 mapogcsld.c
  30. +1 −1 mapogcsld.h
  31. +24 −17 mapogcsos.c
  32. +1 −3 mapogr.cpp
  33. +6 −1 mapogroutput.c
  34. +32 −31 mapoutput.c
  35. +35 −31 mapows.c
  36. +63 −47 mappostgis.c
  37. +4 −5 mappostgresql.c
  38. +12 −2 mapprimitive.c
  39. +1 −1 mapproject.c
  40. +13 −9 mapquantization.c
  41. +8 −4 mapquery.c
  42. +1 −1 maprasterquery.c
  43. +12 −7 maprendering.c
  44. +3 −1 mapresample.c
  45. +7 −9 mapserv.c
  46. +102 −49 mapservutil.c
  47. +133 −63 mapshape.c
  48. +4 −1 mapsmoothing.c
  49. +8 −10 mapstring.c
  50. +2 −2 mapsymbol.c
  51. +78 −23 maptemplate.c
  52. +3 −1 maptile.c
  53. +6 −5 maptime.c
  54. +1 −0 maptree.c
  55. +8 −10 maputil.c
  56. +9 −8 mapuvraster.c
  57. +24 −17 mapwcs.c
  58. +15 −4 mapwcs11.c
  59. +15 −4 mapwcs20.c
  60. +25 −24 mapwfs.c
  61. +1 −4 mapwfs11.c
  62. +10 −4 mapwfslayer.c
  63. +51 −45 mapwms.c
  64. +1 −1 mapwmslayer.c
  65. +4 −1 mapxbase.c
  66. +1 −1 msautotest
  67. +1 −1 renderers/agg/src/agg_vcgen_dash.cpp
  68. +1 −0 shptreevis.c
  69. +1 −0 tile4ms.c
View
@@ -386,33 +386,15 @@ int rind(char *s, char c)
return -1;
}
-int _getline(char *s, int n, FILE *f)
-{
- register int i=0;
-
- while(1) {
- s[i] = (char)fgetc(f);
-
- if(s[i] == CR)
- s[i] = fgetc(f);
-
- if((s[i] == 0x4) || (s[i] == LF) || (i == (n-1))) {
- s[i] = '\0';
- return (feof(f) ? 1 : 0);
- }
- ++i;
- }
-}
-
void send_fd(FILE *f, FILE *fd)
{
- char c;
+ int c;
while (1) {
c = fgetc(f);
- if(feof(f))
+ if(c == EOF)
return;
- fputc(c,fd);
+ fputc((char)c,fd);
}
}
View
@@ -87,7 +87,6 @@ MS_DLL_EXPORT char x2c(char *);
MS_DLL_EXPORT void unescape_url(char *);
MS_DLL_EXPORT void plustospace(char *);
MS_DLL_EXPORT int rind(char *, char);
-MS_DLL_EXPORT int _getline(char *, int, FILE *);
MS_DLL_EXPORT void send_fd(FILE *, FILE *);
MS_DLL_EXPORT int ind(char *, char);
MS_DLL_EXPORT void escape_shell_cmd(char *);
View
@@ -58,7 +58,6 @@ void initClassHitTests(classObj *c, class_hittest *ch, int default_status) {
void initLayerHitTests(layerObj *l, layer_hittest *lh) {
int i,default_status;
lh->classhits = msSmallCalloc(l->numclasses,sizeof(class_hittest));
- lh->status = default_status;
switch(l->type) {
case MS_LAYER_POLYGON:
@@ -71,6 +70,7 @@ void initLayerHitTests(layerObj *l, layer_hittest *lh) {
default_status = 1; /* no hittesting needed, use traditional mode */
break;
}
+ lh->status = default_status;
for(i=0; i<l->numclasses; i++) {
initClassHitTests(l->class[i],&lh->classhits[i], default_status);
}
View
@@ -218,7 +218,6 @@ class polygon_adaptor
}
private:
shapeObj *s;
- double ox,oy;
lineObj *m_line, /*pointer to current line*/
*m_lend; /*pointer to after last line of the shape*/
pointObj *m_point, /*pointer to current vertex*/
@@ -562,44 +561,41 @@ int agg2RenderBitmapGlyphs(imageObj *img, double x, double y, labelStyleObj *sty
glyph_gen glyph(0);
mapserver::renderer_raster_htext_solid<renderer_base, glyph_gen> rt(r->m_renderer_base, glyph);
glyph.font(rasterfonts[size]);
- int numlines=0;
- char **lines;
+ int numlines=1;
+ char **lines = NULL;
/*masking out the out-of-range character codes*/
int len;
int cc_start = rasterfonts[size][2];
int cc_end = cc_start + rasterfonts[size][3];
if(msCountChars(text,'\n')) {
if((lines = msStringSplit((const char*)text, '\n', &(numlines))) == NULL)
return(-1);
- } else {
- lines = &text;
- numlines = 1;
}
y -= glyph.base_line();
for(int n=0; n<numlines; n++) {
- len = strlen(lines[n]);
+ if(lines) text = lines[n];
+ len = strlen(text);
for (int i = 0; i < len; i++)
- if (lines[n][i] < cc_start || lines[n][i] > cc_end)
- lines[n][i] = '.';
+ if (text[i] < cc_start || text[i] > cc_end)
+ text[i] = '.';
if(style->outlinewidth > 0) {
rt.color(aggColor(style->outlinecolor));
for(int i=-1; i<=1; i++) {
for(int j=-1; j<=1; j++) {
if(i||j) {
- rt.render_text(x+i, y+j, lines[n], true);
+ rt.render_text(x+i, y+j, text, true);
}
}
}
}
assert(style->color);
rt.color(aggColor(style->color));
- rt.render_text(x, y, lines[n], true);
+ rt.render_text(x, y, text, true);
y += glyph.height();
}
- if(*lines != text)
+ if(lines)
msFreeCharArray(lines, numlines);
return MS_SUCCESS;
- return MS_SUCCESS;
}
int agg2RenderGlyphsLine(imageObj *img, labelPathObj *labelpath, labelStyleObj *style, char *text)
@@ -820,6 +816,10 @@ int agg2RenderTruetypeSymbol(imageObj *img, double x, double y,
msUTF8ToUniChar(symbol->character, &unicode);
const mapserver::glyph_cache* glyph = cache->m_fman.glyph(unicode);
+ if(!glyph || glyph->glyph_index == 0) {
+ msSetError(MS_TTFERR, "invalid/not-found glpyh index", "agg2RenderTruetypeSymbol()");
+ return MS_FAILURE;
+ }
double ox = (glyph->bounds.x1 + glyph->bounds.x2) / 2.;
double oy = (glyph->bounds.y1 + glyph->bounds.y2) / 2.;
@@ -994,11 +994,6 @@ int agg2GetTruetypeTextBBox(rendererVTableObj *renderer, char **fonts, int numfo
const mapserver::glyph_cache* glyph;
string += msUTF8ToUniChar(string, &unicode);
- if(curfontidx != 0) {
- if(aggLoadFont(cache,fonts[0],size) == MS_FAILURE)
- return MS_FAILURE;
- curfontidx = 0;
- }
glyph = cache->m_fman.glyph(unicode);
if(!glyph || glyph->glyph_index == 0) {
int i;
View
@@ -855,9 +855,7 @@ static void msTransformToGeospatialPDF(imageObj *img, mapObj *map, cairo_rendere
msBufferResize(r->outputStream, nFileSize);
VSIFSeekL(fp, 0, SEEK_SET);
- VSIFReadL(r->outputStream->data, 1, nFileSize, fp);
-
- r->outputStream->size = nFileSize;
+ r->outputStream->size = VSIFReadL(r->outputStream->data, 1, nFileSize, fp);
VSIFCloseL(fp);
fp = NULL;
@@ -990,7 +988,7 @@ int getRasterBufferCopyCairo(imageObj *img, rasterBufferObj *rb)
rb->data.rgba.pixel_step=4;
rb->width = cairo_image_surface_get_width(r->surface);
rb->height = cairo_image_surface_get_height(r->surface);
- pb = (unsigned char*)malloc(rb->height * rb->data.rgba.row_step * sizeof(unsigned char*));
+ pb = (unsigned char*)malloc(rb->height * rb->data.rgba.row_step * sizeof(unsigned char));
memcpy(pb,cairo_image_surface_get_data(r->surface),rb->height * rb->data.rgba.row_step);
rb->data.rgba.pixels = pb;
rb->data.rgba.r = &(pb[2]);
@@ -1012,7 +1010,7 @@ int mergeRasterBufferCairo(imageObj *img, rasterBufferObj *rb, double opacity,
cairo_surface_t *src;
cairo_renderer *r;
/* not implemented for src,dst,width and height */
- if(!rb->type == MS_BUFFER_BYTE_RGBA) {
+ if(rb->type != MS_BUFFER_BYTE_RGBA) {
return MS_FAILURE;
}
r = CAIRO_RENDERER(img);
View
@@ -392,6 +392,7 @@ int msLoadMapContextLayerFormat(CPLXMLNode *psFormat, layerObj *layer)
pszValue = msLookupHashTable(&(layer->metadata), "wms_format");
if (
+ pszValue && (
#if !(defined USE_GD_PNG || defined USE_PNG)
strcasecmp(pszValue, "image/png") == 0 ||
strcasecmp(pszValue, "PNG") == 0 ||
@@ -404,7 +405,7 @@ int msLoadMapContextLayerFormat(CPLXMLNode *psFormat, layerObj *layer)
strcasecmp(pszValue, "image/gif") == 0 ||
strcasecmp(pszValue, "GIF") == 0 ||
#endif
- 0 ) {
+ 0 )) {
char **papszList=NULL;
int i, numformats=0;
View
@@ -387,6 +387,10 @@ static int msContourLayerReadRaster(layerObj *layer, rectObj rect)
src_yoff = 0;
dst_xsize = src_xsize = MIN(map->width,src_xsize);
dst_ysize = src_ysize = MIN(map->height,src_ysize);
+ copyRect.minx = copyRect.miny = 0;
+ copyRect.maxx = map->width;
+ copyRect.maxy = map->height;
+ dst_cellsize_y = dst_cellsize_x = 1;
}
/* -------------------------------------------------------------------- */
View
@@ -271,7 +271,6 @@ int msCopyLeader(labelLeaderObj *dst, labelLeaderObj *src)
if( freeStyle(dst->styles[i]) == MS_SUCCESS ) msFree(dst->styles[i]);
}
}
- msFree(dst->styles);
dst->numstyles = 0;
for (i = 0; i < src->numstyles; i++) {
@@ -366,7 +365,6 @@ int msCopyLabel(labelObj *dst, labelObj *src)
if( freeStyle(dst->styles[i]) == MS_SUCCESS ) msFree(dst->styles[i]);
}
}
- msFree(dst->styles);
dst->numstyles = 0;
for (i = 0; i < src->numstyles; i++) {
@@ -524,7 +522,6 @@ int msCopyClass(classObj *dst, classObj *src, layerObj *layer)
}
}
}
- msFree(dst->styles);
dst->numstyles = 0;
for (i = 0; i < src->numstyles; i++) {
View
@@ -90,17 +90,13 @@ debugInfoObj *msGetDebugInfoObj()
else if( link == NULL || link->next == NULL ) {
debugInfoObj *new_link;
- new_link = (debugInfoObj *) malloc(sizeof(debugInfoObj));
- if (new_link != NULL) {
- new_link->next = debuginfo_list;
- new_link->thread_id = thread_id;
- new_link->global_debug_level = MS_DEBUGLEVEL_ERRORSONLY;
- new_link->debug_mode = MS_DEBUGMODE_OFF;
- new_link->errorfile = NULL;
- new_link->fp = NULL;
- } else
- msSetError(MS_MEMERR, "Out of memory allocating %u bytes.\n", "msGetDebugInfoObj()", (unsigned int)sizeof(debugInfoObj));
-
+ new_link = (debugInfoObj *) msSmallMalloc(sizeof(debugInfoObj));
+ new_link->next = debuginfo_list;
+ new_link->thread_id = thread_id;
+ new_link->global_debug_level = MS_DEBUGLEVEL_ERRORSONLY;
+ new_link->debug_mode = MS_DEBUGMODE_OFF;
+ new_link->errorfile = NULL;
+ new_link->fp = NULL;
debuginfo_list = new_link;
}
@@ -146,7 +142,7 @@ int msSetErrorFile(const char *pszErrorFile, const char *pszRelToPath)
pszErrorFile = extended_path;
}
- if (debuginfo && debuginfo->errorfile && pszErrorFile &&
+ if (debuginfo->errorfile && pszErrorFile &&
strcmp(debuginfo->errorfile, pszErrorFile) == 0) {
/* Nothing to do, already writing to the right place */
return MS_SUCCESS;
View
@@ -446,14 +446,13 @@ imageObj *msDrawMap(mapObj *map, int querymap)
return(NULL);
}
}
- }
-
- if(map->debug >= MS_DEBUGLEVEL_TUNING || lp->debug >= MS_DEBUGLEVEL_TUNING) {
- msGettimeofday(&endtime, NULL);
- msDebug("msDrawMap(): Layer %d (%s), %.3fs\n",
- map->layerorder[i], lp->name?lp->name:"(null)",
- (endtime.tv_sec+endtime.tv_usec/1.0e6)-
- (starttime.tv_sec+starttime.tv_usec/1.0e6) );
+ if(map->debug >= MS_DEBUGLEVEL_TUNING || lp->debug >= MS_DEBUGLEVEL_TUNING) {
+ msGettimeofday(&endtime, NULL);
+ msDebug("msDrawMap(): Layer %d (%s), %.3fs\n",
+ map->layerorder[i], lp->name?lp->name:"(null)",
+ (endtime.tv_sec+endtime.tv_usec/1.0e6)-
+ (starttime.tv_sec+starttime.tv_usec/1.0e6) );
+ }
}
}
@@ -467,6 +466,13 @@ imageObj *msDrawMap(mapObj *map, int querymap)
if(MS_SUCCESS != msEmbedScalebar(map, image)) {
msFreeImage( image );
+#if defined(USE_WMS_LYR) || defined(USE_WFS_LYR)
+ /* Cleanup WMS/WFS Request stuff */
+ if (pasOWSReqInfo) {
+ msHTTPFreeRequestObj(pasOWSReqInfo, numOWSRequests);
+ msFree(pasOWSReqInfo);
+ }
+#endif
return NULL;
}
@@ -478,6 +484,13 @@ imageObj *msDrawMap(mapObj *map, int querymap)
if(map->legend.status == MS_EMBED && !map->legend.postlabelcache) {
if( msEmbedLegend(map, image) != MS_SUCCESS ) {
msFreeImage( image );
+#if defined(USE_WMS_LYR) || defined(USE_WFS_LYR)
+ /* Cleanup WMS/WFS Request stuff */
+ if (pasOWSReqInfo) {
+ msHTTPFreeRequestObj(pasOWSReqInfo, numOWSRequests);
+ msFree(pasOWSReqInfo);
+ }
+#endif
return NULL;
}
}
@@ -565,6 +578,13 @@ imageObj *msDrawMap(mapObj *map, int querymap)
if(MS_SUCCESS != msEmbedScalebar(map, image)) {
msFreeImage( image );
+#if defined(USE_WMS_LYR) || defined(USE_WFS_LYR)
+ /* Cleanup WMS/WFS Request stuff */
+ if (pasOWSReqInfo) {
+ msHTTPFreeRequestObj(pasOWSReqInfo, numOWSRequests);
+ msFree(pasOWSReqInfo);
+ }
+#endif
return NULL;
}
@@ -1270,19 +1290,16 @@ int msDrawQueryLayer(mapObj *map, layerObj *layer, imageObj *image)
/* if MS_HILITE, alter the one style (always at least 1 style), and set a MINDISTANCE for the labelObj to avoid duplicates */
if(map->querymap.style == MS_HILITE) {
if (layer->numclasses > 0) {
- colorbuffer = (colorObj*)malloc(layer->numclasses*sizeof(colorObj));
- mindistancebuffer = (int*)malloc(layer->numclasses*sizeof(int));
-
- if (colorbuffer == NULL || mindistancebuffer == NULL) {
- msSetError(MS_MEMERR, "Failed to allocate memory for colorbuffer/mindistancebuffer", "msDrawQueryLayer()");
- return MS_FAILURE;
- }
+ colorbuffer = (colorObj*)msSmallMalloc(layer->numclasses*sizeof(colorObj));
+ mindistancebuffer = (int*)msSmallMalloc(layer->numclasses*sizeof(int));
}
for(i=0; i<layer->numclasses; i++) {
if(layer->type == MS_LAYER_POLYGON) { /* alter BOTTOM style since that's almost always the fill */
if (layer->class[i]->styles == NULL) {
msSetError(MS_MISCERR, "Don't know how to draw class %s of layer %s without a style definition.", "msDrawQueryLayer()", layer->class[i]->name, layer->name);
+ msFree(colorbuffer);
+ msFree(mindistancebuffer);
return(MS_FAILURE);
}
if(MS_VALID_COLOR(layer->class[i]->styles[0]->color)) {
@@ -1368,7 +1385,11 @@ int msDrawQueryLayer(mapObj *map, layerObj *layer, imageObj *image)
}
if(cache) {
- if(insertFeatureList(&shpcache, &shape) == NULL) return(MS_FAILURE); /* problem adding to the cache */
+ if(insertFeatureList(&shpcache, &shape) == NULL) {
+ msFree(colorbuffer);
+ msFree(mindistancebuffer);
+ return(MS_FAILURE); /* problem adding to the cache */
+ }
}
maxnumstyles = MS_MAX(maxnumstyles, layer->class[shape.classindex]->numstyles);
@@ -2229,7 +2250,7 @@ int msDrawPoint(mapObj *map, layerObj *layer, pointObj *point, imageObj *image,
} else
msOffsetPointRelativeTo(point, layer);
- if(labeltext) {
+ if(label) {
if(layer->labelcache) {
if(msAddLabel(map, label, layer->index, classindex, NULL, point, NULL, -1) != MS_SUCCESS) return(MS_FAILURE);
} else {
@@ -2256,7 +2277,7 @@ int msDrawPoint(mapObj *map, layerObj *layer, pointObj *point, imageObj *image,
if(msScaleInBounds(map->scaledenom, theclass->styles[s]->minscaledenom, theclass->styles[s]->maxscaledenom))
msDrawMarkerSymbol(&map->symbolset, image, point, theclass->styles[s], layer->scalefactor);
}
- if(labeltext) {
+ if(label) {
if(layer->labelcache) {
if(msAddLabel(map, label, layer->index, classindex, NULL, point, NULL, -1) != MS_SUCCESS) return(MS_FAILURE);
} else
Oops, something went wrong.

0 comments on commit 55a5688

Please sign in to comment.