Fix(parser): Prevent crash with non-existent layer in REQUIRES (MapServer#7334)

* Fix(parser): Prevent crash with non-existent layer in REQUIRES

When a REQUIRES or LABELREQUIRES expression contains a reference to
a layer that does not exist in the mapfile, the expression parser would
treat it as an attribute binding. Since msEvalContext is called without
a shape object, this would lead to a NULL pointer dereference and a
crash when the parser tried to evaluate the binding.
This patch adds a check after tokenizing the expression to ensure no
attribute binding tokens are present. If any are found, it indicates
a reference to a non-existent layer. An error is reported and the
evaluation returns MS_FALSE, preventing the crash.

Fix generated by gemini-2.5-pro

* Add tests with non existant REQUIRES parameter triggering a failure

Author: marisn

msautotest/query/context.map

@@ -6,6 +6,8 @@
 # RUN_PARMS: context_test001.png [MAP2IMG] -m [MAPFILE] -l "bdry_counpy2" -o [RESULT]
 # RUN_PARMS: context_test002.png [MAP2IMG] -m [MAPFILE] -l "bdry_counpy2 indx_q100kpy4" -o [RESULT]
 # RUN_PARMS: context_test003.png [MAP2IMG] -m [MAPFILE] -l "indx_q100kpy4" -o [RESULT]
+# RUN_PARMS: context_test004.png [MAP2IMG] -m [MAPFILE] -l "req_fail" -o [RESULT]
+# RUN_PARMS: context_test005.png [MAP2IMG] -m [MAPFILE] -l "lreq_fail" -o [RESULT]
 #
 MAP
   NAME 'context'
@@ -25,4 +27,16 @@ MAP
     REQUIRES '![bdry_counpy2]'
     INCLUDE 'include/indx_q100kpy4_shapefile.map'
   END
+
+  LAYER
+    NAME 'req_fail'
+    REQUIRES '[non_existant]'
+    INCLUDE 'include/bdry_counpy2_shapefile.map'
+  END
+
+  LAYER
+    NAME 'lreq_fail'
+    LABELREQUIRES '[non_existant]'
+    INCLUDE 'include/bdry_counpy2_shapefile.map'
+  END
 END

msautotest/query/expected/context_test004.png

@@ -574,6 +574,7 @@ int msValidateContexts(mapObj *map) {
 int msEvalContext(mapObj *map, layerObj *layer, char *context) {
   int i, status;
   char *tag = NULL;
+  tokenListNodeObjPtr token = NULL;
 
   expressionObj e;
   parseObj p;
@@ -609,6 +610,24 @@ int msEvalContext(mapObj *map, layerObj *layer, char *context) {
 
   msTokenizeExpression(&e, NULL, NULL);
 
+  /*
+   * We'll check for binding tokens in the token list. Since there is no shape
+   * to bind to, the parser will crash if any are present.
+   * This is one way to catch references to non-existent layers.
+   */
+  for (token = e.tokens; token; token = token->next) {
+    if (token->token == MS_TOKEN_BINDING_DOUBLE ||
+        token->token == MS_TOKEN_BINDING_STRING ||
+        token->token == MS_TOKEN_BINDING_TIME) {
+      msSetError(MS_PARSEERR,
+                 "A non-existent layer is referenced in a LAYER REQUIRES or "
+                 "LABELREQUIRES expression: %s",
+                 "msEvalContext()", e.string);
+      msFreeExpression(&e);
+      return MS_FALSE;
+    }
+  }
+
   p.shape = NULL;
   p.expr = &e;
   p.expr->curtoken = p.expr->tokens; /* reset */