[postgis-tickets] [PostGIS] #4652: Postgres crash with ST_GeomFromGML

PostGIS trac at osgeo.org
Fri Mar 27 10:09:03 PDT 2020 

#4652: Postgres crash with ST_GeomFromGML
-------------------------+----------------------------
  Reporter:  mwjhartogs  |      Owner:  pramsey
      Type:  defect      |     Status:  new
  Priority:  critical    |  Milestone:
 Component:  postgis     |    Version:  2.5.x
Resolution:              |   Keywords:  ST_GeomFromGML
-------------------------+----------------------------

Comment (by Algunenano):

 Running under valgrind (which was way easier than I thought, I don't know
 why I hadn't done it before) show multiple errors:
 {{{
 mar 27 17:19:32 Mordor postgres[305622]: ==305622== Invalid write of size
 8
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    at 0x4842779:
 memmove (vg_replace_strmem.c:1271)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x84BD3FC:
 parse_gml_curve (lwgeom_in_gml.c:1128)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x84BC5E3:
 parse_gml (lwgeom_in_gml.c:1933)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x84BC3A4:
 lwgeom_from_gml (lwgeom_in_gml.c:1877)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x84BC275:
 geom_from_gml (lwgeom_in_gml.c:116)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x4CE734:
 ExecInterpExpr (execExprInterp.c:649)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x4CD9D6:
 ExecInterpExprStillValid (execExprInterp.c:1778)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x62246A:
 ExecEvalExprSwitchContext (executor.h:307)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x62231E:
 evaluate_expr (clauses.c:4812)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x6240E8:
 evaluate_function (clauses.c:4354)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x623387:
 simplify_function (clauses.c:3984)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x61F39A:
 eval_const_expressions_mutator (clauses.c:2477)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==  Address 0x83a2cc0 is
 0 bytes after a block of size 8,272 alloc'd
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    at 0x483B77F:
 malloc (vg_replace_malloc.c:309)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x9530B4:
 AllocSetAlloc (aset.c:733)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x9602B7: palloc
 (mcxt.c:938)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x855CC72:
 pg_alloc (lwgeom_pg.c:201)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x8595F2B:
 lwalloc (lwutil.c:229)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x856AC36:
 ptarray_construct_empty (ptarray.c:73)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x856AB97:
 ptarray_construct (ptarray.c:53)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x84BD2F0:
 parse_gml_curve (lwgeom_in_gml.c:1117)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x84BC5E3:
 parse_gml (lwgeom_in_gml.c:1933)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x84BC3A4:
 lwgeom_from_gml (lwgeom_in_gml.c:1877)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x84BC275:
 geom_from_gml (lwgeom_in_gml.c:116)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x4CE734:
 ExecInterpExpr (execExprInterp.c:649)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==
 mar 27 17:19:32 Mordor postgres[305622]: ==305622== Conditional jump or
 move depends on uninitialised value(s)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    at 0x85A459D:
 ptarray_calculate_gbox_cartesian_3d (gbox.c:571)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x85A4185:
 ptarray_calculate_gbox_cartesian (gbox.c:625)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x85A4AF7:
 lwline_calculate_gbox_cartesian (gbox.c:688)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x85A49BC:
 lwgeom_calculate_gbox_cartesian (gbox.c:750)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x8571FB9:
 lwgeom_calculate_gbox (lwgeom.c:743)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x8571F4E:
 lwgeom_add_bbox (lwgeom.c:685)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x84BC3D6:
 lwgeom_from_gml (lwgeom_in_gml.c:1887)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x84BC275:
 geom_from_gml (lwgeom_in_gml.c:116)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x4CE734:
 ExecInterpExpr (execExprInterp.c:649)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x4CD9D6:
 ExecInterpExprStillValid (execExprInterp.c:1778)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x62246A:
 ExecEvalExprSwitchContext (executor.h:307)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x62231E:
 evaluate_expr (clauses.c:4812)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==
 mar 27 17:19:32 Mordor postgres[305622]: ==305622== Conditional jump or
 move depends on uninitialised value(s)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    at 0x85A45E4:
 ptarray_calculate_gbox_cartesian_3d (gbox.c:572)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x85A4185:
 ptarray_calculate_gbox_cartesian (gbox.c:625)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x85A4AF7:
 lwline_calculate_gbox_cartesian (gbox.c:688)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x85A49BC:
 lwgeom_calculate_gbox_cartesian (gbox.c:750)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x8571FB9:
 lwgeom_calculate_gbox (lwgeom.c:743)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x8571F4E:
 lwgeom_add_bbox (lwgeom.c:685)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x84BC3D6:
 lwgeom_from_gml (lwgeom_in_gml.c:1887)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x84BC275:
 geom_from_gml (lwgeom_in_gml.c:116)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x4CE734:
 ExecInterpExpr (execExprInterp.c:649)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x4CD9D6:
 ExecInterpExprStillValid (execExprInterp.c:1778)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x62246A:
 ExecEvalExprSwitchContext (executor.h:307)
 mar 27 17:19:32 Mordor postgres[305622]: ==305622==    by 0x62231E:
 evaluate_expr (clauses.c:4812)
 }}}

 There are multiple issues there. One in the bbox calculation and one in
 the copy of the data.

-- 
Ticket URL: <https://trac.osgeo.org/postgis/ticket/4652#comment:6>
PostGIS <http://trac.osgeo.org/postgis/>
The PostGIS Trac is used for bug, enhancement & task tracking, a user and developer wiki, and a view into the subversion code repository of PostGIS project.

More information about the postgis-tickets mailing list