=================================================================
==16822==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x518000008fa0 at pc 0x7f0a9e71c7d5 bp 0x7ffcad9090c0 sp 0x7ffcad9090b0
WRITE of size 8 at 0x518000008fa0 thread T0
    #0 0x7f0a9e71c7d4 in msSLDParseRasterSymbolizer /root/.pruva/runs/cve-2026-33721_20260528-132452/external/mapserver-vuln/src/mapogcsld.cpp:2895
    #1 0x7f0a9e71f57f in msSLDParseRule /root/.pruva/runs/cve-2026-33721_20260528-132452/external/mapserver-vuln/src/mapogcsld.cpp:1048
    #2 0x7f0a9e71fe7b in msSLDParseUserStyle /root/.pruva/runs/cve-2026-33721_20260528-132452/external/mapserver-vuln/src/mapogcsld.cpp:889
    #3 0x7f0a9e71fe7b in msSLDParseNamedLayer /root/.pruva/runs/cve-2026-33721_20260528-132452/external/mapserver-vuln/src/mapogcsld.cpp:955
    #4 0x7f0a9e720aa8 in msSLDParseSLD /root/.pruva/runs/cve-2026-33721_20260528-132452/external/mapserver-vuln/src/mapogcsld.cpp:680
    #5 0x7f0a9e72861e in msSLDApplySLD /root/.pruva/runs/cve-2026-33721_20260528-132452/external/mapserver-vuln/src/mapogcsld.cpp:472
    #6 0x7f0a9e3735bf in msWMSLoadGetMapParams /root/.pruva/runs/cve-2026-33721_20260528-132452/external/mapserver-vuln/src/mapwms.cpp:1746
    #7 0x7f0a9e37815a in msWMSDispatch /root/.pruva/runs/cve-2026-33721_20260528-132452/external/mapserver-vuln/src/mapwms.cpp:5993
    #8 0x7f0a9e3a49f1 in msOWSDispatch /root/.pruva/runs/cve-2026-33721_20260528-132452/external/mapserver-vuln/src/mapows.c:367
    #9 0x7f0a9e52a165 in msCGIDispatchRequest /root/.pruva/runs/cve-2026-33721_20260528-132452/external/mapserver-vuln/src/mapservutil.c:2266
    #10 0x55675e61afa5 in main /root/.pruva/runs/cve-2026-33721_20260528-132452/external/mapserver-vuln/src/apps/mapserv.c:345
    #11 0x7f0a9de2a1c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #12 0x7f0a9de2a28a in __libc_start_main_impl ../csu/libc-start.c:360
    #13 0x55675e61a544 in _start (/root/.pruva/runs/cve-2026-33721_20260528-132452/external/mapserver-vuln/build/mapserv+0x2544) (BuildId: e5b9045e1995c6811d7a0a89a6d7c96213928bea)

0x518000008fa0 is located 0 bytes after 800-byte region [0x518000008c80,0x518000008fa0)
allocated by thread T0 here:
    #0 0x7f0a9ecfd9c7 in malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0x7f0a9e65b7d2 in msSmallMalloc /root/.pruva/runs/cve-2026-33721_20260528-132452/external/mapserver-vuln/src/maputil.c:2534
    #2 0x7f0a9e71c61c in msSLDParseRasterSymbolizer /root/.pruva/runs/cve-2026-33721_20260528-132452/external/mapserver-vuln/src/mapogcsld.cpp:2880
    #3 0x7f0a9e71f57f in msSLDParseRule /root/.pruva/runs/cve-2026-33721_20260528-132452/external/mapserver-vuln/src/mapogcsld.cpp:1048
    #4 0x7f0a9e71fe7b in msSLDParseUserStyle /root/.pruva/runs/cve-2026-33721_20260528-132452/external/mapserver-vuln/src/mapogcsld.cpp:889
    #5 0x7f0a9e71fe7b in msSLDParseNamedLayer /root/.pruva/runs/cve-2026-33721_20260528-132452/external/mapserver-vuln/src/mapogcsld.cpp:955
    #6 0x7f0a9e720aa8 in msSLDParseSLD /root/.pruva/runs/cve-2026-33721_20260528-132452/external/mapserver-vuln/src/mapogcsld.cpp:680
    #7 0x7f0a9e72861e in msSLDApplySLD /root/.pruva/runs/cve-2026-33721_20260528-132452/external/mapserver-vuln/src/mapogcsld.cpp:472
    #8 0x7f0a9e3735bf in msWMSLoadGetMapParams /root/.pruva/runs/cve-2026-33721_20260528-132452/external/mapserver-vuln/src/mapwms.cpp:1746
    #9 0x7f0a9e37815a in msWMSDispatch /root/.pruva/runs/cve-2026-33721_20260528-132452/external/mapserver-vuln/src/mapwms.cpp:5993
    #10 0x7f0a9e3a49f1 in msOWSDispatch /root/.pruva/runs/cve-2026-33721_20260528-132452/external/mapserver-vuln/src/mapows.c:367
    #11 0x7f0a9e52a165 in msCGIDispatchRequest /root/.pruva/runs/cve-2026-33721_20260528-132452/external/mapserver-vuln/src/mapservutil.c:2266
    #12 0x55675e61afa5 in main /root/.pruva/runs/cve-2026-33721_20260528-132452/external/mapserver-vuln/src/apps/mapserv.c:345
    #13 0x7f0a9de2a1c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #14 0x7f0a9de2a28a in __libc_start_main_impl ../csu/libc-start.c:360
    #15 0x55675e61a544 in _start (/root/.pruva/runs/cve-2026-33721_20260528-132452/external/mapserver-vuln/build/mapserv+0x2544) (BuildId: e5b9045e1995c6811d7a0a89a6d7c96213928bea)

SUMMARY: AddressSanitizer: heap-buffer-overflow /root/.pruva/runs/cve-2026-33721_20260528-132452/external/mapserver-vuln/src/mapogcsld.cpp:2895 in msSLDParseRasterSymbolizer
Shadow bytes around the buggy address:
  0x518000008d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x518000008d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x518000008e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x518000008e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x518000008f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x518000008f80: 00 00 00 00[fa]fa fa fa fa fa fa fa fa fa fa fa
  0x518000009000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x518000009080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x518000009100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x518000009180: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x518000009200: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==16822==ABORTING