[PostGIS] #5646: ST_Collect using EMPTY crashes ST_Intersects

PostGIS trac at osgeo.org
Mon Dec 18 02:07:16 PST 2023 

#5646: ST_Collect using EMPTY crashes ST_Intersects
----------------------+---------------------------
  Reporter:  Wenjing  |      Owner:  pramsey
      Type:  defect   |     Status:  new
  Priority:  medium   |  Milestone:  PostGIS 3.4.2
 Component:  postgis  |    Version:  3.4.x
Resolution:           |   Keywords:
----------------------+---------------------------
Description changed by Wenjing:

Old description:

> The following statements crash Postgis:
>
> {{{
>
> DROP TABLE IF EXISTS t0;
> CREATE TABLE t0 (id int, geom geometry);
> INSERT INTO t0 (id, geom) VALUES (1,ST_MPointFromText('MULTIPOINT((0
> 0))',0));
> INSERT INTO t0 (id, geom) VALUES (2,ST_MPointFromText('MULTIPOINT((0
> 1))',0));
> INSERT INTO t0 (id, geom) VALUES (3,ST_PolygonFromText('POLYGON
> EMPTY',0));
> INSERT INTO t0 (id, geom) VALUES (4,ST_PolygonFromText('POLYGON((0 0,-1
> 1,-1 2,0 0))',0));
> INSERT INTO t0 (id, geom)      SELECT 5, ST_Collect(ARRAY[t0.geom,
> t2.geom])      FROM t0 As t0, t0 As t2     WHERE t0.id = 4     and t2.id
> = 3;
>
> SELECT COUNT(*) FROM t0 As a1 JOIN t0 As a2 ON ST_Intersects(a1.geom,
> a2.geom);
>
> -- psql:script/test.sql:10: server closed the connection unexpectedly
> --         This probably means the server terminated abnormally
> --         before or while processing the request.
> -- psql:script/test.sql:10: error: connection to server was lost
>
> }}}
>

> The stack information:
>
> {{{
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007fed2ffdede8 in IntervalIsContained (interval=0x54a000000023,
> value=570) at lwgeom_rtree.c:103
> 103             return FP_CONTAINS_INCL(interval->min, value,
> interval->max) ? 1 : 0;
> (gdb) bt
> #0  0x00007fed2ffdede8 in IntervalIsContained (interval=0x54a000000023,
> value=570)
>     at lwgeom_rtree.c:103
> #1  0x00007fed2ffdfbb2 in RTreeFindLineSegments (root=0x54a000000023,
> value=570)
>     at lwgeom_rtree.c:440
> #2  0x00007fed2ffdfe23 in point_in_ring_rtree (root=0x54a000000023,
>     point=0x5589262a0118)
>     at lwgeom_rtree.c:515
> #3  0x00007fed2ffe0235 in point_in_multipolygon_rtree
> (root=0x558926629d10,
>     polyCount=2,
>     ringCounts=0x5589266298a8,
>     point=0x5589262a0180)
>     at lwgeom_rtree.c:605
> #4  0x00007fed2ffe041d in pip_short_circuit (poly_cache=0x5589266299f0,
>     point=0x5589262a0180,
>     gpoly=0x5589262a0060)
>     at lwgeom_rtree.c:661
> #5  0x00007fed2ffba6e6 in ST_Intersects (fcinfo=0x5589266270f0) at
> lwgeom_geos.c:2382
> #6  0x0000558924f4b040 in ExecInterpExpr()
> #7  0x0000558924f7b94c in ExecNestLoop ()
> #8  0x0000558924f5e241 in fetch_input_tuple ()
> #9  0x0000558924f61343 in ExecAgg ()
> #10 0x0000558924f4e872 in standard_ExecutorRun ()
> #11 0x00005589250ea1df in PortalRunSelect()
> #12 0x00005589250eb5c3 in PortalRun ()
> #13 0x00005589250e7a9d in exec_simple_query ()
> #14 0x00005589250e9de5 in PostgresMain ()
> #15 0x0000558925063d8e in ServerLoop ()
> #16 0x0000558925064cdc in PostmasterMain()
> #17 0x0000558924db5bb1 in main ()
>
> }}}
>
> Because I cannot build PostGIS successfully when using the latest version
> of PostGIS in GitHub, I chose the latest one with a green check mark,
> which may mean a successful build in CI/CD.
>
> Version is g61bc019eb behind [the fix of the last EMPTY
> crash](https://trac.osgeo.org/postgis/changeset/e85cd10523ac7cd5e9ebe34c45f3317e9a19fe32/git),
> instead of the latest one:
>
> {{{
>
>                     | pg_backend_pid
> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------
>  POSTGIS="3.5.0dev 3.4.0rc1-839-g61bc019eb" [EXTENSION] PGSQL="170"
> GEOS="3.13.0dev-CAPI-1.18.0" PROJ="8.2.1 NETWORK_ENABLED=OFF
> URL_ENDPOINT=https://cdn.proj.org USER_WRITABLE_DIRECTORY=/tmp/proj
> DATABASE_PATH=/usr/share/proj/proj.db" LIBXML="2.9.13" |          20653
> (1 row)
>
> }}}

New description:

 The following statements crash Postgis:

 {{{

 DROP TABLE IF EXISTS t0;
 CREATE TABLE t0 (id int, geom geometry);
 INSERT INTO t0 (id, geom) VALUES (1,ST_MPointFromText('MULTIPOINT((0
 0))',0));
 INSERT INTO t0 (id, geom) VALUES (2,ST_MPointFromText('MULTIPOINT((0
 1))',0));
 INSERT INTO t0 (id, geom) VALUES (3,ST_PolygonFromText('POLYGON
 EMPTY',0));
 INSERT INTO t0 (id, geom) VALUES (4,ST_PolygonFromText('POLYGON((0 0,-1
 1,-1 2,0 0))',0));
 INSERT INTO t0 (id, geom)      SELECT 5, ST_Collect(ARRAY[t0.geom,
 t2.geom])      FROM t0 As t0, t0 As t2     WHERE t0.id = 4     and t2.id =
 3;

 SELECT COUNT(*) FROM t0 As a1 JOIN t0 As a2 ON ST_Intersects(a1.geom,
 a2.geom);

 -- psql:script/test.sql:10: server closed the connection unexpectedly
 --         This probably means the server terminated abnormally
 --         before or while processing the request.
 -- psql:script/test.sql:10: error: connection to server was lost

 }}}


 The stack information:

 {{{

 Program received signal SIGSEGV, Segmentation fault.
 0x00007fed2ffdede8 in IntervalIsContained (interval=0x54a000000023,
 value=570) at lwgeom_rtree.c:103
 103             return FP_CONTAINS_INCL(interval->min, value,
 interval->max) ? 1 : 0;
 (gdb) bt
 #0  0x00007fed2ffdede8 in IntervalIsContained (interval=0x54a000000023,
 value=570)
     at lwgeom_rtree.c:103
 #1  0x00007fed2ffdfbb2 in RTreeFindLineSegments (root=0x54a000000023,
 value=570)
     at lwgeom_rtree.c:440
 #2  0x00007fed2ffdfe23 in point_in_ring_rtree (root=0x54a000000023,
     point=0x5589262a0118)
     at lwgeom_rtree.c:515
 #3  0x00007fed2ffe0235 in point_in_multipolygon_rtree
 (root=0x558926629d10,
     polyCount=2,
     ringCounts=0x5589266298a8,
     point=0x5589262a0180)
     at lwgeom_rtree.c:605
 #4  0x00007fed2ffe041d in pip_short_circuit (poly_cache=0x5589266299f0,
     point=0x5589262a0180,
     gpoly=0x5589262a0060)
     at lwgeom_rtree.c:661
 #5  0x00007fed2ffba6e6 in ST_Intersects (fcinfo=0x5589266270f0) at
 lwgeom_geos.c:2382
 #6  0x0000558924f4b040 in ExecInterpExpr()
 #7  0x0000558924f7b94c in ExecNestLoop ()
 #8  0x0000558924f5e241 in fetch_input_tuple ()
 #9  0x0000558924f61343 in ExecAgg ()
 #10 0x0000558924f4e872 in standard_ExecutorRun ()
 #11 0x00005589250ea1df in PortalRunSelect()
 #12 0x00005589250eb5c3 in PortalRun ()
 #13 0x00005589250e7a9d in exec_simple_query ()
 #14 0x00005589250e9de5 in PostgresMain ()
 #15 0x0000558925063d8e in ServerLoop ()
 #16 0x0000558925064cdc in PostmasterMain()
 #17 0x0000558924db5bb1 in main ()

 }}}

 Because I cannot build PostGIS successfully when using the latest version
 of PostGIS in GitHub, I chose the latest one with a green check mark,
 which means a completely successful build in CI/CD.

 Version is g61bc019eb behind [the fix of the last EMPTY
 crash](https://trac.osgeo.org/postgis/changeset/e85cd10523ac7cd5e9ebe34c45f3317e9a19fe32/git),
 instead of the latest one:

 {{{

                     | pg_backend_pid
 ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------
  POSTGIS="3.5.0dev 3.4.0rc1-839-g61bc019eb" [EXTENSION] PGSQL="170"
 GEOS="3.13.0dev-CAPI-1.18.0" PROJ="8.2.1 NETWORK_ENABLED=OFF
 URL_ENDPOINT=https://cdn.proj.org USER_WRITABLE_DIRECTORY=/tmp/proj
 DATABASE_PATH=/usr/share/proj/proj.db" LIBXML="2.9.13" |          20653
 (1 row)

 }}}

--
-- 
Ticket URL: <https://trac.osgeo.org/postgis/ticket/5646#comment:1>
PostGIS <http://trac.osgeo.org/postgis/>
The PostGIS Trac is used for bug, enhancement & task tracking, a user and developer wiki, and a view into the subversion code repository of PostGIS project.

More information about the postgis-tickets mailing list