[Xastir] Crash when reading shapefile

Tom Russo russo at bogodyn.org
Fri Jun 19 23:20:00 EDT 2009


On Fri, Jun 19, 2009 at 05:50:39PM -0500, we recorded a bogon-computron collision of the <godfreja at gmail.com> flavor, containing:
> Hello.
> 
> I've been trying to get xastir to display a shapefile that was created
> by an online KML to shapefile converter. After figuring out a dbfawk
> file and fixing some coordinate problems with my converted shapefile I
> finally got xastir to try to draw based on the shapefile. However,
> xastir crashes. I've had issues with both 1.9.2 and 1.9.5.
> 
> Below is some output from my troubles. I ran in gdb to get a backtrace:
> 
> *** Done with WX Alert log files
>   ENOENT ERROR
> Fri Jun 19 16:16:15 CDT 2009:
>   Interface Error!  Error opening interface 0 Hard Fail
> 
> ERROR 3: Error in fseek() or fread() reading object from .shp file.
> ERROR 3: Error in fseek() or fread() reading object from .shp file.
> 
> Program received signal EXC_BAD_ACCESS, Could not access memory.
> Reason: KERN_PROTECTION_FAILURE at address: 0x00000028
> build_rtree (root=0x2373424, sHP=0x2373360) at shp_hash.c:302
> 302            bbox_shape.boundary[0]=(RectReal) psCShape->dfXMin;


Looks suspiciously like there's an error accessing a shape from the file,
and the struct psCShape isn't allocated.  The line prior to this one is:

 psCShape = SHPReadObject ( sHP, i );

and this is supposed to read shape number "i" from the file and allocate
the structure.  The code simply assumes that this succeeds and that's where
the error comes in --- this has clearly not succeeded.

The loop over i is:

    SHPGetInfo(sHP, &nEntities, NULL, NULL, NULL);
    for( i = 0; i < nEntities; i++ ) {

so we get the number of shapes out of the shapefile and then loop over that,
expecting that they're all there.  It is possible that your KML-to-shapefile
converter is setting the number of shapes in the shapefile wrong, and causing
us to attempt to read past the end of the file.

Try instrumenting the code with a printf to print how many shapes the 
shapefile *says* it has, and see what "i" is before the crash.  Betcha there's
an off-by-one error in the converted shapefile.


> Am I running into a known issue? If not I am willing to do some debugging.

Not a known error.  The code is clearly *not* doing some error checking it
should do (check for null pointer return from SHPReadObject before 
dereferencing it), but neither should SHPReadObject ever fail so long as you're
accessing a shape number that's lower than the number in the file  ---  again,
I suspect that the file is advertising more shapes than it actually contains.

-- 
Tom Russo    KM5VY   SAR502   DM64ux          http://www.swcp.com/~russo/
Tijeras, NM  QRPL#1592 K2#398  SOC#236        http://kevan.org/brain.cgi?DDTNM
  In some cultures what I do would be considered normal. 
                                  -- Ineffective daily affirmation 
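
The suspicion in the reply above (a file that advertises more shapes than it contains) can be checked on the file bytes before any shape is read. This is an added example, not part of the original message and not Xastir or shapelib code; the function names are hypothetical, the sample index is constructed inline, and it assumes the ESRI shapefile layout: a 100-byte header with a big-endian length in 16-bit words at byte 24, then 8-byte .shx entries of offset and content length.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR 100u  /* fixed header size of both .shp and .shx */

static uint32_t be32(const uint8_t *p) {            /* big-endian 32-bit read */
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void put_be32(uint8_t *p, uint32_t v) {      /* big-endian 32-bit write */
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Record count implied by the .shx header length field, or -1 if the header is bad. */
long shx_advertised(const uint8_t *shx, size_t shx_len) {
    if (shx_len < HDR) return -1;
    uint64_t bytes = (uint64_t)be32(shx + 24) * 2;
    return bytes < HDR ? -1 : (long)((bytes - HDR) / 8);
}

/* Index of the first record not fully backed by bytes in .shx/.shp, or the
 * advertised count when every record is readable; -1 for a bad header. */
long shx_first_unreadable(const uint8_t *shx, size_t shx_len, size_t shp_len) {
    long n = shx_advertised(shx, shx_len);
    for (long i = 0; i < n; i++) {
        size_t entry = HDR + (size_t)i * 8;
        if (entry + 8 > shx_len) return i;           /* index entry is missing */
        uint64_t off = (uint64_t)be32(shx + entry) * 2;
        uint64_t len = (uint64_t)be32(shx + entry + 4) * 2;
        if (off < HDR || off + 8 + len > shp_len) return i;  /* runs past .shp end */
    }
    return n;
}

/* Constructed sample: header claims `claimed` records, but only `present`
 * index entries exist, each describing a 28-byte point record. */
size_t make_shx(uint8_t *buf, uint32_t claimed, uint32_t present) {
    memset(buf, 0, HDR + present * 8);
    put_be32(buf + 24, (HDR + claimed * 8) / 2);
    for (uint32_t i = 0; i < present; i++) {
        put_be32(buf + HDR + i * 8, (HDR + i * 28) / 2);  /* offset in words */
        put_be32(buf + HDR + i * 8 + 4, 10);              /* content: 10 words */
    }
    return HDR + present * 8;
}

int main(void) {
    uint8_t shx[256];
    size_t n = make_shx(shx, 4, 3);                  /* advertises 4, holds 3 */
    printf("advertised=%ld first_unreadable=%ld\n",
           shx_advertised(shx, n), shx_first_unreadable(shx, n, HDR + 3 * 28));
    return 0;
}
```

A result lower than the advertised count names the value of "i" at which a read loop over the advertised count would run off the end of the file.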


