fix segfault on WFS filters with empty Literals #5347

Closed
tomkralidis opened this Issue Nov 10, 2016 · 10 comments


@tomkralidis
Member
tomkralidis commented Nov 10, 2016 edited

Testing for 'not empty' literals returns 500 / segfault on 7.0.2. Worked in 6.4.x:

```text
gdb --args mapserv  "QUERY_STRING=map=/tmp/foo.map&version=1.1.0&service=WFS&request=GetFeature&typename=totalozoneobs&filter=<Filter><PropertyIsNotEqualTo><PropertyName>platform_type</PropertyName><Literal></Literal></PropertyIsNotEqualTo></Filter>&maxfeatures=1"
GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from mapserv...(no debugging symbols found)...done.
(gdb) r
Starting program: /usr/bin/mapserv QUERY_STRING=map=/tmp/foo.map\&version=1.1.0\&service=WFS\&request=GetFeature\&typename=totalozoneobs\&filter=\<Filter\>\<PropertyIsNotEqualTo\>\<PropertyName\>platform_type\</PropertyName\>\<Literal\>\</Literal\>\</PropertyIsNotEqualTo\>\</Filter\>\&maxfeatures=1
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
strlen () at ../sysdeps/x86_64/strlen.S:106
106     ../sysdeps/x86_64/strlen.S: No such file or directory.
(gdb) bt
#0  strlen () at ../sysdeps/x86_64/strlen.S:106
#1  0x00007ffff79db8f7 in msPostGISLayerTranslateFilter () from /usr/lib/x86_64-linux-gnu/libmapserver.so.2
#2  0x00007ffff79fb87e in msLayerWhichShapes () from /usr/lib/x86_64-linux-gnu/libmapserver.so.2
#3  0x00007ffff7a1d851 in msQueryByFilter () from /usr/lib/x86_64-linux-gnu/libmapserver.so.2
#4  0x00007ffff7a3b918 in FLTLayerApplyPlainFilterToLayer () from /usr/lib/x86_64-linux-gnu/libmapserver.so.2
#5  0x00007ffff7a77e61 in ?? () from /usr/lib/x86_64-linux-gnu/libmapserver.so.2
#6  0x00007ffff7a7c2b7 in msWFSDispatch () from /usr/lib/x86_64-linux-gnu/libmapserver.so.2
#7  0x00007ffff79ae249 in msOWSDispatch () from /usr/lib/x86_64-linux-gnu/libmapserver.so.2
#8  0x00007ffff79b6d5d in msCGIDispatchRequest () from /usr/lib/x86_64-linux-gnu/libmapserver.so.2
#9  0x0000000000401357 in main ()
```
@tomkralidis tomkralidis added this to the 7.0.3 Release milestone Nov 10, 2016
@sdlime
Member
sdlime commented Nov 10, 2016

What's the underlying layer type for totalozoneobs?

@tomkralidis
Member

PostgreSQL/PostGIS

@sdlime
Member
sdlime commented Nov 10, 2016

Can you post (or send me) foo.map?

@tomkralidis
Member
tomkralidis commented Nov 10, 2016 edited

@sdlime minimal test map:

foo.map

```text
MAP
 NAME "sample"
 STATUS ON
 SIZE 600 400
 EXTENT -180 -90 180 90
 IMAGECOLOR 255 255 255
 PROJECTION
  "init=epsg:4326"
 END
 WEB
  METADATA
   "ows_onlineresource" "http://localhost/ows"
   "ows_enable_request" "*"
  END
 END
 LAYER
  NAME 'foo'
  TYPE POINT
  STATUS DEFAULT
  CONNECTION "host=localhost dbname=foo user=foo password=foo"
  CONNECTIONTYPE POSTGIS
  PROCESSING "CLOSE_CONNECTION=DEFER"
 END
END
```

Sample request based on above test case:

```shell
mapserv "QUERY_STRING=map=/tmp/foo.map&version=1.1.0&service=WFS&request=GetFeature&typename=foo&filter=<Filter><PropertyIsNotEqualTo><PropertyName>station_name</PropertyName><Literal></Literal></PropertyIsNotEqualTo></Filter>&maxfeatures=1"
```

@sdlime
Member
sdlime commented Nov 10, 2016

Beautiful, thank you...

@tomkralidis
Member
tomkralidis commented Nov 11, 2016 edited

Weird, on another box I'm unable to reproduce (works fine) against either master or branch-7-0.

Ah, ok. Digging deeper, it appears that this bug manifests on systems where strlen is not available. And/or NULL is being passed to strlen.

@tomkralidis
Member

I tested this again just now, it turns out the CSV minimal case does indeed work so it looks like a PostGIS string handling issue when someone passes ....<Literal></Literal>, which I am guessing is NULL and causes the issue.

@sdlime
Member
sdlime commented Nov 14, 2016

So what systems typically don't have strlen available?


@tomkralidis
Member

@sdlime from further testing (see my updated comments in this ticket, which likely do not get emailed to you as updates). The strlen error message may be a false positive. It's indeed a mappostgis.c specific issue of handling NULL <Literal> values as part of filter translation.
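The crash class discussed in this thread (a filter translator calling `strlen()` on a literal that arrived as a NULL pointer) and the approach in the rouault commits referenced below (emulating PropertyIsNull via a "_MAPSERVER_NULL_" comparison) can be illustrated with a small stand-alone translator. This is an added example, not MapServer's mappostgis.c code; `translate_comparison`, `literal_is_null`, `quote_literal` and the assumption that the sentinel is compared verbatim are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical sentinel, modelled on the "_MAPSERVER_NULL_" value named in
 * the fix commits; the real lookup lives in MapServer, not here. */
#define NULL_SENTINEL "_MAPSERVER_NULL_"

/* Does this literal denote SQL NULL?  The pointer is checked before any
 * strlen()/strcmp() call, which is the guard the backtrace shows missing. */
static int literal_is_null(const char *lit)
{
    return lit == NULL || strcmp(lit, NULL_SENTINEL) == 0;
}

/* Copy lit into out as a single-quoted SQL string, doubling embedded quotes.
 * Assumes cap >= 4; output is always NUL-terminated. */
static void quote_literal(const char *lit, char *out, size_t cap)
{
    size_t n = 0;
    out[n++] = '\'';
    for (; *lit != '\0' && n + 3 < cap; lit++) {   /* room for 2 chars + quote + NUL */
        if (*lit == '\'') out[n++] = '\'';
        out[n++] = *lit;
    }
    out[n++] = '\'';
    out[n] = '\0';
}

/* Translate <PropertyIsEqualTo> ("=") or <PropertyIsNotEqualTo> ("<>") into a
 * WHERE fragment.  A NULL pointer or the sentinel becomes IS NULL / IS NOT NULL;
 * an empty string "" is a legitimate comparison against '' (what the reporter
 * meant by "not empty").  Returns bytes written, or -1 on bad input/overflow. */
int translate_comparison(const char *prop, const char *op, const char *lit,
                         char *out, size_t cap)
{
    char quoted[256];
    int n;
    if (prop == NULL || op == NULL || out == NULL) return -1;
    if (strcmp(op, "=") != 0 && strcmp(op, "<>") != 0) return -1;
    if (literal_is_null(lit)) {
        n = snprintf(out, cap, "(\"%s\" IS %sNULL)", prop,
                     strcmp(op, "<>") == 0 ? "NOT " : "");
    } else {
        quote_literal(lit, quoted, sizeof quoted);
        n = snprintf(out, cap, "(\"%s\" %s %s)", prop, op, quoted);
    }
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}
```

Whether an empty `<Literal></Literal>` reaches the translator as NULL or as "" depends on the XML parsing layer; the function above does not dereference the pointer in either case.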

@rouault rouault added a commit to rouault/mapserver that referenced this issue Nov 26, 2016
@rouault rouault Fix segfault on WFS filters with empty literals (PostGIS + Spatialite). Implement PropertyIsNull for those layers (#5347)

The PropertyIsNull is handled through a hack that consists in emulating it as a
PropertyIsEqualTo "_MAPSERVER_NULL_" comparison. This is only done for PostGIS and
Spatialite layers.

CREDITS: Funded by:
Regione Toscana - Settore Sistema Informativo Territoriale ed
Ambientale (CIG: 644544015A)
a0e8ee0
@rouault rouault added a commit to rouault/mapserver that referenced this issue Nov 27, 2016
@rouault rouault Fix segfault on WFS filters with empty literals (PostGIS + Spatialite). Implement PropertyIsNull for those layers (#5347)
aed060c
@rouault rouault added a commit to rouault/mapserver that referenced this issue Nov 27, 2016
@rouault rouault Fix segfault on WFS filters with empty literals (PostGIS + Spatialite). Implement PropertyIsNull for those layers (#5347)
4cb057c
@rouault
Contributor
rouault commented Nov 28, 2016

Fixed per rouault@4cb057c

@rouault rouault closed this Nov 28, 2016