[postgis-tickets] [PostGIS] #4536: Leak in WKB collection parser
PostGIS
trac at osgeo.org
Thu Oct 10 00:16:28 PDT 2019
#4536: Leak in WKB collection parser
---------------------+---------------------------
 Reporter:  komzpa   |      Owner:  pramsey
     Type:  defect   |     Status:  new
 Priority:  medium   |  Milestone:  PostGIS 3.0.1
Component:  postgis  |    Version:  2.5.x
 Keywords:           |
---------------------+---------------------------
https://oss-fuzz.com/testcase-detail/5727346518130688
{{{
=================================================================
==1==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 121472 byte(s) in 3796 object(s) allocated from:
    #0 0x49692d in malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
    #1 0x6064be in lwcollection_construct_empty /src/postgis/liblwgeom/lwcollection.c:101:8
    #2 0x611bf2 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:639:22
    #3 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10
    #4 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10
    #5 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10
    #6 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10
    #7 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10
    #8 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10
    #9 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10
    #10 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10
    #11 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10
    #12 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10
    #13 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10
    #14 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10
    #15 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10
    #16 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10
    #17 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10
    #18 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10
    #19 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10
    #20 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10
    #21 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10
    #22 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10
    #23 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10
    #24 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10
    #25 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10
    #26 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10
    #27 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10
    #28 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10
    #29 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10

================================================================================
The following leaks are not necessarily related to the first leak.

Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x49692d in malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
    #1 0x6064be in lwcollection_construct_empty /src/postgis/liblwgeom/lwcollection.c:101:8
    #2 0x611bf2 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:639:22
    #3 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10
    #4 0x611eda in lwgeom_from_wkb /src/postgis/liblwgeom/lwin_wkb.c:783:9
    #5 0x4c9d2d in LLVMFuzzerTestOneInput /src/postgis/fuzzers/wkb_import_fuzzer.cpp:116:22
    #6 0x51a546 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:556:15
    #7 0x4cb08f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:292:6
    #8 0x4d8cf2 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:774:9
    #9 0x4ca6d7 in main /src/libfuzzer/FuzzerMain.cpp:19:10
    #10 0x7f04a770382f in __libc_start_main /build/glibc-LK5gWL/glibc-2.23/csu/libc-start.c:291

Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x49692d in malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
    #1 0x6064be in lwcollection_construct_empty /src/postgis/liblwgeom/lwcollection.c:101:8
    #2 0x611bf2 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:639:22
    #3 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10
    #4 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10
    #5 0x611c77 in lwcollection_from_wkb_state /src/postgis/liblwgeom/lwin_wkb.c:655:10
    #6 0x611eda in lwgeom_from_wkb /src/postgis/liblwgeom/lwin_wkb.c:783:9
    #7 0x4c9d2d in LLVMFuzzerTestOneInput /src/postgis/fuzzers/wkb_import_fuzzer.cpp:116:22
    #8 0x51a546 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:556:15
    #9 0x4cb08f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:292:6
    #10 0x4d8cf2 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:774:9
    #11 0x4ca6d7 in main /src/libfuzzer/FuzzerMain.cpp:19:10
    #12 0x7f04a770382f in __libc_start_main /build/glibc-LK5gWL/glibc-2.23/csu/libc-start.c:291
..... many more lines ...
}}}
--
Ticket URL: <https://trac.osgeo.org/postgis/ticket/4536>
PostGIS <http://trac.osgeo.org/postgis/>
The PostGIS Trac is used for bug, enhancement & task tracking, a user and developer wiki, and a view into the subversion code repository of PostGIS project.