[postgis-tickets] [PostGIS] #4646: Broken pointer arithmetic in gserialized_cmp leads crash/wrong results during ORDER BY
PostGIS
trac at osgeo.org
Tue Feb 25 09:03:51 PST 2020
#4646: Broken pointer arithmetic in gserialized_cmp leads crash/wrong results
during ORDER BY
----------------------+---------------------------
Reporter: dkvash | Owner: pramsey
Type: defect | Status: new
Priority: critical | Milestone: PostGIS 2.5.4
Component: postgis | Version: 2.5.x
Keywords: |
----------------------+---------------------------
Broken pointer arithmetic in gserialized_cmp leads crash/wrong results
during ORDER BY
Introduced in https://trac.osgeo.org/postgis/ticket/3935
Author of https://trac.osgeo.org/postgis/changeset/16141 intended to write
*(uint32_t*) ((char *)g1 + 8)
but ended up writing an equivalent of
*(uint32_t*) ((char *) g1 + 8 * sizeof(void *))
--
Ticket URL: <https://trac.osgeo.org/postgis/ticket/4646>
PostGIS <http://trac.osgeo.org/postgis/>
The PostGIS Trac is used for bug, enhancement & task tracking, a user and developer wiki, and a view into the subversion code repository of PostGIS project.
More information about the postgis-tickets
mailing list