[postgis-tickets] [PostGIS] #4537: Leak in WKT collection parser
PostGIS
trac at osgeo.org
Thu Oct 10 00:18:45 PDT 2019
#4537: Leak in WKT collection parser
---------------------+---------------------------
Reporter: komzpa | Owner: pramsey
Type: defect | Status: new
Priority: medium | Milestone: PostGIS 2.5.4
Component: postgis | Version: 2.5.x
Keywords: |
---------------------+---------------------------
https://oss-fuzz.com/testcase-detail/5727346518130688
Input is "TINEMPTY,"
{{{
=================================================================
==1==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x496abd in malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
#1 0x60668e in lwcollection_construct_empty /src/postgis/liblwgeom/lwcollection.c:101:8
#2 0x618bc9 in wkt_parser_collection_finalize /src/postgis/liblwgeom/lwin_wkt.c:813:33
#3 0x6722b2 in wkt_yyparse /src/postgis/liblwgeom/lwin_wkt_parse.y:290:31
#4 0x66e070 in lwgeom_parse_wkt /src/postgis/liblwgeom/lwin_wkt_parse.y:68:13
#5 0x619239 in lwgeom_from_wkt /src/postgis/liblwgeom/lwin_wkt.c:909:20
#6 0x4c9eeb in LLVMFuzzerTestOneInput /src/postgis/fuzzers/wkt_import_fuzzer.cpp:120:26
#7 0x51a716 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:556:15
#8 0x4cb25f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:292:6
#9 0x4d8ec2 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:774:9
#10 0x4ca8a7 in main /src/libfuzzer/FuzzerMain.cpp:19:10
#11 0x7fe3fdac182f in __libc_start_main /build/glibc-LK5gWL/glibc-2.23/csu/libc-start.c:291
================================================================================
The following leaks are not necessarily related to the first leak.
Indirect leak of 8 byte(s) in 1 object(s) allocated from:
#0 0x496abd in malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
#1 0x606741 in lwcollection_construct_empty /src/postgis/liblwgeom/lwcollection.c:107:15
#2 0x618bc9 in wkt_parser_collection_finalize /src/postgis/liblwgeom/lwin_wkt.c:813:33
#3 0x6722b2 in wkt_yyparse /src/postgis/liblwgeom/lwin_wkt_parse.y:290:31
#4 0x66e070 in lwgeom_parse_wkt /src/postgis/liblwgeom/lwin_wkt_parse.y:68:13
#5 0x619239 in lwgeom_from_wkt /src/postgis/liblwgeom/lwin_wkt.c:909:20
#6 0x4c9eeb in LLVMFuzzerTestOneInput /src/postgis/fuzzers/wkt_import_fuzzer.cpp:120:26
#7 0x51a716 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:556:15
#8 0x4cb25f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:292:6
#9 0x4d8ec2 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:774:9
#10 0x4ca8a7 in main /src/libfuzzer/FuzzerMain.cpp:19:10
#11 0x7fe3fdac182f in __libc_start_main /build/glibc-LK5gWL/glibc-2.23/csu/libc-start.c:291
SUMMARY: AddressSanitizer: 40 byte(s) leaked in 2 allocation(s).
}}}
--
Ticket URL: <https://trac.osgeo.org/postgis/ticket/4537>
PostGIS <http://trac.osgeo.org/postgis/>
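As an added illustration (not PostGIS code, and not taken from the ticket), the C model below mirrors the shape of the leak the trace shows: the collection object is allocated when the parser finalizes "TIN EMPTY", and the syntax error raised by the trailing "," returns without freeing it. The fixed variant releases the object on every error exit, and a live-object counter makes the leak assertable from a unit test without a sanitizer. Names such as parse_leaky, parse_fixed and collection_construct_empty are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified model of the #4537 leak; not PostGIS's parser. */

static int live_objects = 0;   /* allocations not yet freed (leak indicator) */

typedef struct { int ngeoms; } collection_t;

static collection_t *collection_construct_empty(void) {
    collection_t *c = malloc(sizeof *c);
    c->ngeoms = 0;
    live_objects++;
    return c;
}

static void collection_free(collection_t *c) {
    if (c) { free(c); live_objects--; }
}

/* Toy grammar: the only well-formed input is "<TYPE> EMPTY" with nothing
 * after EMPTY, so "TINEMPTY," is a syntax error because of the comma. */
static int input_is_well_formed(const char *wkt) {
    const char *p = strstr(wkt, "EMPTY");
    return p != NULL && p[strlen("EMPTY")] == '\0';
}

/* Buggy shape: the object is built as soon as EMPTY is seen, and the
 * error path that rejects the trailing comma forgets to release it. */
collection_t *parse_leaky(const char *wkt) {
    if (strstr(wkt, "EMPTY") == NULL) return NULL;
    collection_t *c = collection_construct_empty();
    if (!input_is_well_formed(wkt)) return NULL;   /* c is leaked here */
    return c;
}

/* Fixed shape: every exit that reports an error also frees what was built. */
collection_t *parse_fixed(const char *wkt) {
    if (strstr(wkt, "EMPTY") == NULL) return NULL;
    collection_t *c = collection_construct_empty();
    if (!input_is_well_formed(wkt)) { collection_free(c); return NULL; }
    return c;
}

int leaked_objects(void) { return live_objects; }

/* Build with -fsanitize=address and LeakSanitizer reports the leaky call. */
int main(void) {
    parse_leaky("TINEMPTY,");
    printf("live objects after leaky parse: %d\n", leaked_objects());
    return 0;
}
```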