fix segfault on WFS filters with empty Literals #5347

Closed
tomkralidis opened this Issue Nov 10, 2016 · 10 comments

@tomkralidis
Member

tomkralidis commented Nov 10, 2016

Testing for 'not empty' literals returns 500 / segfault on 7.0.2. Worked in 6.4.x:

gdb --args mapserv  "QUERY_STRING=map=/tmp/foo.map&version=1.1.0&service=WFS&request=GetFeature&typename=totalozoneobs&filter=<Filter><PropertyIsNotEqualTo><PropertyName>platform_type</PropertyName><Literal></Literal></PropertyIsNotEqualTo></Filter>&maxfeatures=1"
GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from mapserv...(no debugging symbols found)...done.
(gdb) r
Starting program: /usr/bin/mapserv QUERY_STRING=map=/tmp/foo.map\&version=1.1.0\&service=WFS\&request=GetFeature\&typename=totalozoneobs\&filter=\<Filter\>\<PropertyIsNotEqualTo\>\<PropertyName\>platform_type\</PropertyName\>\<Literal\>\</Literal\>\</PropertyIsNotEqualTo\>\</Filter\>\&maxfeatures=1
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
strlen () at ../sysdeps/x86_64/strlen.S:106
106     ../sysdeps/x86_64/strlen.S: No such file or directory.
(gdb) bt
#0  strlen () at ../sysdeps/x86_64/strlen.S:106
#1  0x00007ffff79db8f7 in msPostGISLayerTranslateFilter () from /usr/lib/x86_64-linux-gnu/libmapserver.so.2
#2  0x00007ffff79fb87e in msLayerWhichShapes () from /usr/lib/x86_64-linux-gnu/libmapserver.so.2
#3  0x00007ffff7a1d851 in msQueryByFilter () from /usr/lib/x86_64-linux-gnu/libmapserver.so.2
#4  0x00007ffff7a3b918 in FLTLayerApplyPlainFilterToLayer () from /usr/lib/x86_64-linux-gnu/libmapserver.so.2
#5  0x00007ffff7a77e61 in ?? () from /usr/lib/x86_64-linux-gnu/libmapserver.so.2
#6  0x00007ffff7a7c2b7 in msWFSDispatch () from /usr/lib/x86_64-linux-gnu/libmapserver.so.2
#7  0x00007ffff79ae249 in msOWSDispatch () from /usr/lib/x86_64-linux-gnu/libmapserver.so.2
#8  0x00007ffff79b6d5d in msCGIDispatchRequest () from /usr/lib/x86_64-linux-gnu/libmapserver.so.2
#9  0x0000000000401357 in main ()

@tomkralidis tomkralidis added this to the 7.0.3 Release milestone Nov 10, 2016

@sdlime

Member

sdlime commented Nov 10, 2016

What's the underlying layer type for totalozoneobs?

@tomkralidis

Member

tomkralidis commented Nov 10, 2016

PostgreSQL/PostGIS

@sdlime

Member

sdlime commented Nov 10, 2016

Can you post (or send me) foo.map?

@tomkralidis

Member

tomkralidis commented Nov 10, 2016

@sdlime minimal test map:

foo.map

MAP
 NAME "sample"
 STATUS ON
 SIZE 600 400
 EXTENT -180 -90 180 90
 IMAGECOLOR 255 255 255
 PROJECTION
  "init=epsg:4326"
 END
 WEB
  METADATA
   "ows_onlineresource" "http://localhost/ows"
   "ows_enable_request" "*"
  END
 END
 LAYER
  NAME 'foo'
  TYPE POINT
  STATUS DEFAULT
  CONNECTION "host=localhost dbname=foo user=foo password=foo"
  CONNECTIONTYPE POSTGIS
  PROCESSING "CLOSE_CONNECTION=DEFER"
 END
END

Sample request based on above test case:

mapserv "QUERY_STRING=map=/tmp/foo.map&version=1.1.0&service=WFS&request=GetFeature&typename=foo&filter=<Filter><PropertyIsNotEqualTo><PropertyName>station_name</PropertyName><Literal></Literal></PropertyIsNotEqualTo></Filter>&maxfeatures=1"

@sdlime

Member

sdlime commented Nov 10, 2016

Beautiful, thank you...

@tomkralidis

Member

tomkralidis commented Nov 11, 2016

Weird, on another box I'm unable to reproduce (works fine) against either master or branch-7-0.

Ah, ok. Digging deeper, it appears that this bug manifests on systems where strlen is not available. And/or NULL is being passed to strlen.

@tomkralidis

Member

tomkralidis commented Nov 11, 2016

I tested this again just now; it turns out the CSV minimal case does indeed work, so it looks like a PostGIS string handling issue when someone passes ....<Literal></Literal>, which I am guessing is NULL and causes the issue.

@sdlime

Member

sdlime commented Nov 14, 2016

So what systems typically don't have strlen available?


From: Tom Kralidis [notifications@github.com]
Sent: Thursday, November 10, 2016 6:29 PM
To: mapserver/mapserver
Cc: Lime, Steve D (MNIT); Mention
Subject: Re: [mapserver/mapserver] fix segfault on WFS filters with empty Literals (#5347)

Weird, on another box I'm unable to reproduce (works fine) against either master or branch-7-0.

Ah, ok. Digging deeper, it appears that this bug manifests on systems where strlen is not available.



@tomkralidis

Member

tomkralidis commented Nov 14, 2016

@sdlime from further testing (see my updated comments in this ticket, which likely do not get emailed to you as updates). The strlen error message may be a false positive. It's indeed a mappostgis.c specific issue of handling NULL <Literal> values as part of filter translation.

rouault added a commit to rouault/mapserver that referenced this issue Nov 26, 2016

Fix segfault on WFS filters with empty literals (PostGIS + Spatialite). Implement PropertyIsNull for those layers (#5347)

The PropertyIsNull is handled through a hack that consists in emulating it as a
PropertyIsEqualTo "_MAPSERVER_NULL_" comparison. This is only done for PostGIS and
Spatialite layers.

CREDITS: Funded by:
Regione Toscana - Settore Sistema Informativo Territoriale ed
Ambientale (CIG: 644544015A)

rouault added a commit to rouault/mapserver that referenced this issue Nov 27, 2016

rouault added a commit to rouault/mapserver that referenced this issue Nov 27, 2016

rouault added a commit that referenced this issue Nov 28, 2016

Merge pull request #5354 from rouault/fix_5347
Fix segfault on WFS filters with empty literals (PostGIS + Spatialite). Implement PropertyIsNull for those layers (#5347)
@rouault

Contributor

rouault commented Nov 28, 2016

Fixed per rouault@4cb057c

@rouault rouault closed this Nov 28, 2016
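
The failure mode diagnosed in this thread (a NULL <Literal> reaching strlen during filter translation) and the sentinel approach described in the commit message, as an added C example that is not MapServer's own code. The names translate_comparison and sql_quote, the choice to treat a NULL literal as an empty string, and the quoting rules are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NULL_SENTINEL "_MAPSERVER_NULL_" /* sentinel named in the commit message */

/* Hypothetical helper: single-quote s for SQL, doubling embedded quotes. */
static char *sql_quote(const char *s)
{
    if (s == NULL) s = ""; /* guard: strlen(NULL) is the crash in the backtrace */
    size_t n = strlen(s);
    char *out = malloc(2 * n + 3), *p = out; /* all chars doubled + 2 quotes + NUL */
    if (out == NULL) return NULL;
    *p++ = '\'';
    for (size_t i = 0; i < n; i++) {
        if (s[i] == '\'') *p++ = '\'';
        *p++ = s[i];
    }
    *p++ = '\'';
    *p = '\0';
    return out;
}

/* Hypothetical translator for PropertyIsEqualTo / PropertyIsNotEqualTo.
 * literal may be NULL (the thread's diagnosis for <Literal></Literal>).
 * Returns 0 on success, -1 on invalid input, allocation failure or truncation. */
int translate_comparison(char *buf, size_t len, const char *column,
                         int not_equal, const char *literal)
{
    int n;
    if (buf == NULL || len == 0 || column == NULL || *column == '\0') return -1;
    if (strchr(column, '"') != NULL) return -1; /* refuse to break identifier quoting */
    if (literal != NULL && strcmp(literal, NULL_SENTINEL) == 0) {
        /* Sentinel comparison is emitted as a real SQL NULL test. */
        n = snprintf(buf, len, "\"%s\" IS %sNULL", column, not_equal ? "NOT " : "");
    } else {
        char *q = sql_quote(literal);
        if (q == NULL) return -1;
        n = snprintf(buf, len, "\"%s\" %s %s", column, not_equal ? "<>" : "=", q);
        free(q);
    }
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
    char sql[128];
    /* Same shape as the request in the report: PropertyIsNotEqualTo, empty Literal. */
    if (translate_comparison(sql, sizeof sql, "station_name", 1, NULL) == 0) puts(sql);
    return 0;
}
```
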
