[postgis-tickets] [PostGIS] #4652: Postgres crash with ST_GeomFromGML

PostGIS trac at osgeo.org
Fri Mar 27 06:11:23 PDT 2020 

#4652: Postgres crash with ST_GeomFromGML
-------------------------+----------------------------
  Reporter:  mwjhartogs  |      Owner:  pramsey
      Type:  defect      |     Status:  new
  Priority:  critical    |  Milestone:
 Component:  postgis     |    Version:  2.5.x
Resolution:              |   Keywords:  ST_GeomFromGML
-------------------------+----------------------------

Comment (by Algunenano):

 I can confirm the issue in there in current master:

 {{{
 (gdb) bt
 #0  0x00007f140ca5cce5 in raise () from /usr/lib/libc.so.6
 #1  0x00007f140ca46857 in abort () from /usr/lib/libc.so.6
 #2  0x00007f140caa02b0 in __libc_message () from /usr/lib/libc.so.6
 #3  0x00007f140caa774a in malloc_printerr () from /usr/lib/libc.so.6
 #4  0x00007f140caaa6b4 in _int_malloc () from /usr/lib/libc.so.6
 #5  0x00007f140caabe74 in malloc () from /usr/lib/libc.so.6
 #6  0x000055b8dd4d51d4 in AllocSetAlloc (context=0x55b8deb04350,
 size=<optimized out>) at aset.c:914
 #7  0x000055b8dd4dc6a7 in MemoryContextAllocZeroAligned
 (context=0x55b8deb04350, size=528) at mcxt.c:864
 #8  0x000055b8dd27ff47 in subquery_planner (glob=0x55b8deb06000,
 parse=0x55b8deb05418, parent_root=0x0, hasRecursion=false,
 tuple_fraction=0) at planner.c:609
 #9  0x000055b8dd27faaf in standard_planner (parse=0x55b8deb05418,
 cursorOptions=<optimized out>, boundParams=0x0) at planner.c:406
 #10 0x000055b8dd358e60 in pg_plan_query (querytree=0x55b8deb05418,
 cursorOptions=256, boundParams=0x0) at postgres.c:878
 #11 pg_plan_queries (querytrees=<optimized out>, cursorOptions=256,
 boundParams=0x0) at postgres.c:968
 #12 0x000055b8dd498df3 in BuildCachedPlan (plansource=0x55b8deb051a8,
 qlist=0x55b8deb05fd0, boundParams=0x0, queryEnv=<optimized out>) at
 plancache.c:933
 #13 0x000055b8dd498639 in GetCachedPlan (plansource=0x55b8deb051a8,
 boundParams=<optimized out>, useResOwner=<optimized out>,
 queryEnv=<optimized out>) at plancache.c:1214
 #14 0x000055b8dd20a501 in _SPI_execute_plan (plan=0x7ffceb9a8080,
 paramLI=0x0, snapshot=<optimized out>, crosscheck_snapshot=0x0,
 read_only=false, fire_triggers=<optimized out>, tcount=1) at spi.c:2215
 #15 0x000055b8dd20a2e8 in SPI_execute (src=0x7ffceb9a8160 "SELECT
 position('+units=m ' in proj4text)", ' ' <repeats 25 times>, "FROM
 spatial_ref_sys WHERE srid='28992'", read_only=false, tcount=1) at
 spi.c:514
 #16 0x00007f11fc5d0ffb in gml_is_srid_planar (srid=28992) at
 lwgeom_in_gml.c:397
 #17 parse_gml_srs (xnode=<optimized out>, srs=0x7ffceb9a82f8) at
 lwgeom_in_gml.c:487
 #18 0x00007f11fc5cfdac in parse_gml_curve (xnode=0x55b8deaf5480,
 hasz=0x7ffceb9a834f, root_srid=<optimized out>) at lwgeom_in_gml.c:1138
 #19 parse_gml (xnode=<optimized out>, hasz=0x7ffceb9a834f,
 root_srid=0x7ffceb9a8350) at lwgeom_in_gml.c:1933
 #20 0x00007f11fc5ce65a in lwgeom_from_gml (xml=<optimized out>,
 xml_size=<optimized out>) at lwgeom_in_gml.c:1877
 #21 geom_from_gml (fcinfo=<optimized out>) at lwgeom_in_gml.c:116
 #22 0x000055b8dd1ca50d in ExecInterpExpr (state=0x55b8deabd740,
 econtext=0x55b8deabdc80, isnull=<optimized out>) at execExprInterp.c:649
 #23 0x000055b8dd299a8e in ExecEvalExprSwitchContext (state=<optimized
 out>, econtext=0x7ffceb9a7850, isNull=0x7ffceb9a84bf) at
 ../../../../src/include/executor/executor.h:307
 #24 evaluate_expr (expr=<optimized out>, result_type=72111,
 result_typmod=-1, result_collation=0) at clauses.c:4812
 #25 0x000055b8dd29a664 in evaluate_function (funcid=72624,
 result_type=72111, result_typmod=-1, result_collid=0, input_collid=100,
 args=0x55b8de9f8a60, funcvariadic=<optimized out>, context=0x7ffceb9a8830,
 func_tuple=<optimized out>) at clauses.c:4354
 #26 simplify_function (funcid=72624, result_type=72111, result_typmod=-1,
 result_collid=0, input_collid=100, args_p=<optimized out>,
 funcvariadic=<optimized out>, process_args=<optimized out>,
 allow_non_const=true, context=0x7ffceb9a8830)
     at clauses.c:3984
 #27 0x000055b8dd298864 in eval_const_expressions_mutator
 (node=0x55b8de9f8648, context=0x7ffceb9a8830) at clauses.c:2477
 #28 0x000055b8dd22d829 in expression_tree_mutator (node=0x55b8de9f8698,
 mutator=0x55b8dd297c30 <eval_const_expressions_mutator>,
 context=0x7ffceb9a8830) at nodeFuncs.c:2762
 #29 0x000055b8dd297d4e in eval_const_expressions_mutator
 (node=0x55b8de9f8698, context=0x7ffceb9a8830) at clauses.c:3539
 #30 0x000055b8dd22db06 in expression_tree_mutator (node=<optimized out>,
 mutator=0x55b8dd297c30 <eval_const_expressions_mutator>,
 context=0x7ffceb9a8830) at nodeFuncs.c:3012
 #31 0x000055b8dd297d4e in eval_const_expressions_mutator
 (node=0x55b8de9f8708, context=0x7ffceb9a8830) at clauses.c:3539
 #32 0x000055b8dd297c10 in eval_const_expressions (root=<optimized out>,
 node=0x0) at clauses.c:2269
 #33 0x000055b8dd2804ab in preprocess_expression (root=<optimized out>,
 expr=0x7ffceb9a7850, kind=1) at planner.c:1087
 #34 subquery_planner (glob=<optimized out>, parse=0x55b8de9f8388,
 parent_root=<optimized out>, hasRecursion=<optimized out>,
 tuple_fraction=0) at planner.c:769
 #35 0x000055b8dd27faaf in standard_planner (parse=0x55b8de9f8388,
 cursorOptions=<optimized out>, boundParams=0x0) at planner.c:406
 #36 0x000055b8dd358e60 in pg_plan_query (querytree=0x55b8de9f8388,
 cursorOptions=256, boundParams=0x0) at postgres.c:878
 #37 pg_plan_queries (querytrees=<optimized out>, cursorOptions=256,
 boundParams=0x0) at postgres.c:968
 #38 0x000055b8dd35d2b4 in exec_simple_query (
     query_string=0x55b8deaf6358 "select ST_GeomFromGML('<gml:Curve id
 =\"id-69b216c9-2c07-434d-8664-e321b3697725-0\" srsDimension=\"2\"
 srsName=\"urn:x-ogc:def:crs:EPSG:28992\"> <gml:segments>
 <gml:LineStringSegment> \n<gml:posList>119675.91"...)
     at postgres.c:1143
 #39 0x000055b8dd35ad34 in PostgresMain (argc=<optimized out>,
 argv=<optimized out>, dbname=<optimized out>, username=<optimized out>) at
 postgres.c:4243
 #40 0x000055b8dd2c9ef7 in BackendRun (port=0x55b8dea1d230) at
 postmaster.c:4437
 #41 0x000055b8dd2c94df in BackendStartup (port=<optimized out>) at
 postmaster.c:4128
 #42 ServerLoop () at postmaster.c:1704
 #43 0x000055b8dd2c6036 in PostmasterMain (argc=3, argv=0x55b8de9f1230) at
 postmaster.c:1377
 #44 0x000055b8dd22b7d5 in main (argc=3, argv=0x55b8de9f1230) at main.c:228
 }}}

 In PG (REL_12_STABLE) logs:
 ```
 malloc(): invalid size (unsorted)
 ```

 This might be a PG issue. I'll try to investigate further.

-- 
Ticket URL: <https://trac.osgeo.org/postgis/ticket/4652#comment:1>
PostGIS <http://trac.osgeo.org/postgis/>
The PostGIS Trac is used for bug, enhancement & task tracking, a user and developer wiki, and a view into the subversion code repository of PostGIS project.

More information about the postgis-tickets mailing list