[geos-devel] [GEOS] #858: LinIntersector sanitizer failure

GEOS geos-trac at osgeo.org
Tue Feb 27 14:47:47 PST 2018 

#858: LinIntersector sanitizer failure
------------------------+--------------------------
 Reporter:  goatbar     |      Owner:  geos-devel@…
     Type:  defect      |     Status:  new
 Priority:  major       |  Milestone:  3.6.3
Component:  Default     |    Version:  3.6.2
 Severity:  Unassigned  |   Keywords:
------------------------+--------------------------
 Fails with both ASAN and MSAN with geos synced to aprox October (and older
 versions too)

 {{{
 ==4928==WARNING: MemorySanitizer: use-of-uninitialized-value
     #0 0x7fc9ed11edbf in
 geos::geomgraph::index::SimpleMCSweepLineIntersector::~SimpleMCSweepLineIntersector()
 geos/src/geomgraph/index/SimpleMCSweepLineIntersector.cpp:42:7
     #1 0x7fc9ed11ee0c in
 geos::geomgraph::index::SimpleMCSweepLineIntersector::~SimpleMCSweepLineIntersector()
 geos/src/geomgraph/index/SimpleMCSweepLineIntersector.cpp:38:1
     #2 0x7fc9ed100444 in
 std::unique_ptr<geos::geomgraph::index::EdgeSetIntersector,
 std::default_delete<geos::geomgraph::index::EdgeSetIntersector>
 >::~unique_ptr()
 crosstool/v18/stable/toolchain/bin/../lib/gcc/x86_64-grtev4-linux-
 gnu/4.9.x-google/../../../../x86_64-grtev4-linux-
 gnu/include/c++/4.9.x-google/bits/unique_ptr.h:236:4
     #3 0x7fc9ed0fdfa4 in
 geos::geomgraph::GeometryGraph::computeSelfNodes(geos::algorithm::LineIntersector&,
 bool, bool, geos::geom::Envelope const*)
 geos/src/geomgraph/GeometryGraph.cpp:401:1
     #4 0x7fc9ed0fd9f2 in
 geos::geomgraph::GeometryGraph::computeSelfNodes(geos::algorithm::LineIntersector&,
 bool, geos::geom::Envelope const*)
 geos/src/geomgraph/GeometryGraph.cpp:366:9
     #5 0x7fc9ed1a0937 in
 geos::operation::IsSimpleOp::isSimpleLinearGeometry(geos::geom::Geometry
 const*) geos/src/operation/IsSimpleOp.cpp:174:48
     #6 0x7fc9ed1a06ba in geos::operation::IsSimpleOp::isSimple()
 geos/src/operation/IsSimpleOp.cpp
     #7 0x7fc9ed095ffb in geos::geom::Geometry::isSimple() const
 geos/src/geom/Geometry.cpp:866:12
     #8 0x7fc9ed022fd2 in GEOSisSimple_r geos/capi/geos_ts_c.cpp:1722:20
     #9 0x7fc9edeb15dd in OGRGeometry::IsSimple() const
 gdal/ogr/ogrgeometry.cpp:2200:19
     #10 0x562532e2db54 in (anonymous
 namespace)::OgrGemeometryFactoryWkb_b69202526_Test::TestBody()
 gdal/autotest2/cpp/ogr/ogrgeometryfactory_test.cc:389:3
     #11 0x7fc9e8b770e9 in testing::Test::Run() gtest/src/gtest.cc:2478:5
     #12 0x7fc9e8b77f6a in testing::TestInfo::Run()
 gtest/src/gtest.cc:2654:11
     #13 0x7fc9e8b78922 in testing::TestCase::Run()
 gtest/src/gtest.cc:2772:28
     #14 0x7fc9e8b840ba in testing::internal::UnitTestImpl::RunAllTests()
 gtest/src/gtest.cc:4690:43
     #15 0x7fc9e8b83aa4 in testing::UnitTest::Run()
 gtest/src/gtest.cc:4309:10
     #16 0x562532e30733 in main gdal/autotest2/cpp/util/gunit_main.cc:19:10

 SUMMARY: MemorySanitizer: use-of-uninitialized-value
 geos/src/geomgraph/index/SimpleMCSweepLineIntersector.cpp:42:7 in
 geos::geomgraph::index::SimpleMCSweepLineIntersector::~SimpleMCSweepLineIntersector()
 }}}

 Reproduces with this gunit based test.  Be warned that this data is
 generated by a fuzzer, so it's likely pretty crazy.

 {{{#!c++
 TEST(OgrGemeometryFactoryWkb, b69202526) {
   constexpr char kData[] =
 "\x00\x00\x00\x00\x02\x00\x00\x00\x0e\x00\x00\x00\x00\x00\x00\x00\x00"
 "\x00\x00\x00\x00\x00\x00\x00\x00\x24\x04\x24\x24\x24\x24\x24\x24\x24"
 "\x24\x24\x24\x24\x28\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\x3b"
 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x40\x00\x01\x08\x00"
 "\x00\x00\x03\x00\x00\x00\x3b\x01\x98\x00\x00\x00\x00\x00\x00\x00\x00"
 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x29\x00"
 "\x00\x00\x00\x00\x01\x00\x00\x00\x00\x49\x00\x01\xf3\x4e\x53\x74\x37"
 "\x6c\x6f\x63\x61\x6c\x65\x35\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
 "\x28\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
 "\xfb\x00\x00\x00\x00\x00\x01\x07\x00\x00\x00\x00\x00\x3a\x00\x00\x00"
 "\xf1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x00\x00"
 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
 "\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00"
 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";

   OGRGeometry *geomptr = nullptr;

   size_t size = ARRAYSIZE(kData);
   LOG(INFO) << "size: " << size;
   auto variant = wkbVariantOldOgc;
   int bytes_consumed = 0;
   auto data = reinterpret_cast<const unsigned char *>(kData);
   OGRGeometryFactory::createFromWkb(data, nullptr, &geomptr, size,
 variant,
                                     bytes_consumed);
   ASSERT_EQ(233, bytes_consumed);
   ASSERT_NE(nullptr, geomptr);
   EXPECT_TRUE(geomptr->IsSimple());  // <-- Sanitizers fail here
 }
 }}}

-- 
Ticket URL: <https://trac.osgeo.org/geos/ticket/858>
GEOS <http://trac.osgeo.org/geos>
GEOS (Geometry Engine - Open Source) is a C++ port of the Java Topology Suite (JTS).

More information about the geos-devel mailing list