[postgis-tickets] [PostGIS] #4621: oss-fuzz: stack overflow in lwcollection_from_wkb_state
PostGIS
trac at osgeo.org
Fri Jan 17 07:44:35 PST 2020
#4621: oss-fuzz: stack overflow in lwcollection_from_wkb_state
----------------------+---------------------------
Reporter: komzpa | Owner: pramsey
Type: defect | Status: new
Priority: medium | Milestone: PostGIS 3.1.0
Component: postgis | Version: master
Resolution: | Keywords:
----------------------+---------------------------
Comment (by Algunenano):
I'm not sure how to introduce this test without adding the 1M file to the
repo, but the issue is with the recursion in lwgeom_from_wkb_state when
you have an extremely deep collection (a collection of a collection of a
collection...).
On my PC this crashes once it reaches 261962 (!!!) calls:
{{{
#261943 0x00005616418b3ff0 in lwcollection_from_wkb_state
(s=0x7ffffa6f6940) at lwin_wkb.c:690
#261944 lwgeom_from_wkb_state (s=0x7ffffa6f6940) at lwin_wkb.c:786
#261945 0x00005616418b3ff0 in lwcollection_from_wkb_state
(s=0x7ffffa6f6940) at lwin_wkb.c:690
#261946 lwgeom_from_wkb_state (s=0x7ffffa6f6940) at lwin_wkb.c:786
#261947 0x00005616418b3ff0 in lwcollection_from_wkb_state
(s=0x7ffffa6f6940) at lwin_wkb.c:690
#261948 lwgeom_from_wkb_state (s=0x7ffffa6f6940) at lwin_wkb.c:786
#261949 0x00005616418b3ff0 in lwcollection_from_wkb_state
(s=0x7ffffa6f6940) at lwin_wkb.c:690
#261950 lwgeom_from_wkb_state (s=0x7ffffa6f6940) at lwin_wkb.c:786
#261951 0x00005616418b3ff0 in lwcollection_from_wkb_state
(s=0x7ffffa6f6940) at lwin_wkb.c:690
#261952 lwgeom_from_wkb_state (s=0x7ffffa6f6940) at lwin_wkb.c:786
#261953 0x00005616418b3ff0 in lwcollection_from_wkb_state
(s=0x7ffffa6f6940) at lwin_wkb.c:690
#261954 lwgeom_from_wkb_state (s=0x7ffffa6f6940) at lwin_wkb.c:786
#261955 0x00005616418b3ff0 in lwcollection_from_wkb_state
(s=0x7ffffa6f6940) at lwin_wkb.c:690
#261956 lwgeom_from_wkb_state (s=0x7ffffa6f6940) at lwin_wkb.c:786
#261957 0x00005616418b463f in lwgeom_from_wkb (wkb=<optimized out>,
wkb_size=139656151874024, check=0 '\000') at lwin_wkb.c:830
#261958 0x0000561641891a4b in test_wkb_fuzz () at cu_in_wkb.c:287
#261959 0x00007f043c44b118 in ?? () from /usr/lib/libcunit.so.1
#261960 0x00007f043c44b3b2 in ?? () from /usr/lib/libcunit.so.1
#261961 0x00007f043c44b7b7 in CU_run_all_tests () from
/usr/lib/libcunit.so.1
#261962 0x0000561641896925 in main (argc=1, argv=<optimized out>) at
cu_tester.c:183
}}}
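The unbounded recursion described in the comment (collection inside collection inside collection...) is the classic case for a nesting-depth guard in the parser. The following is an added example, not PostGIS code: a minimal NDR-only WKB reader for POINT and GEOMETRYCOLLECTION that counts collection depth in its parser state and rejects input past an assumed cap (MAX_NESTING = 32, chosen for the example; the host is assumed little-endian), plus a constructed builder that produces the same deeply nested shape the fuzzer found.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define WKB_POINT      1
#define WKB_COLLECTION 7
#define MAX_NESTING    32   /* assumed cap for this example, not PostGIS's own value */
/* Parser state: read cursor, bytes remaining, current collection nesting depth. */
typedef struct { const uint8_t *p; size_t left; int depth; } wkb_state;
static int read_u32(wkb_state *s, uint32_t *out) {   /* NDR; little-endian host assumed */
    if (s->left < 4) return 0;
    memcpy(out, s->p, 4); s->p += 4; s->left -= 4;
    return 1;
}
/* 1 on success; 0 on truncation, unsupported type, or nesting deeper than MAX_NESTING. */
static int parse_geom(wkb_state *s) {
    uint32_t type, n;
    if (s->left < 1 || *s->p != 1) return 0;          /* only NDR byte order handled */
    s->p++; s->left--;
    if (!read_u32(s, &type)) return 0;
    if (type == WKB_POINT) {                           /* payload: x and y doubles */
        if (s->left < 16) return 0;
        s->p += 16; s->left -= 16; return 1;
    }
    if (type == WKB_COLLECTION) {
        if (++s->depth > MAX_NESTING) return 0;        /* the guard: recursion is bounded */
        if (!read_u32(s, &n)) return 0;
        for (uint32_t i = 0; i < n; i++)
            if (!parse_geom(s)) return 0;
        s->depth--; return 1;
    }
    return 0;
}
/* Constructed input: `levels` collections, each holding one child, ending in a POINT. */
static uint8_t *build_nested(size_t levels, size_t *len) {
    uint32_t coll = WKB_COLLECTION, one = 1, pt = WKB_POINT;
    uint8_t *buf = malloc(*len = levels * 9 + 21), *w = buf;
    for (size_t i = 0; i < levels; i++) {
        *w++ = 1; memcpy(w, &coll, 4); w += 4; memcpy(w, &one, 4); w += 4;
    }
    *w++ = 1; memcpy(w, &pt, 4); w += 4; memset(w, 0, 16);
    return buf;
}
int wkb_nested_ok(size_t levels) {   /* parse `levels` deep: 1 = accepted, 0 = rejected */
    size_t len; uint8_t *buf = build_nested(levels, &len);
    wkb_state s = { buf, len, 0 };
    int ok = parse_geom(&s) && s.left == 0;
    free(buf); return ok;
}
```

With the guard in place the 261962-level input from the report is rejected after 33 frames instead of exhausting the stack, and the depth counter in the state struct is the only change needed relative to the unguarded recursive descent.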
--
Ticket URL: <https://trac.osgeo.org/postgis/ticket/4621#comment:1>
PostGIS <http://trac.osgeo.org/postgis/>