[postgis-tickets] [PostGIS] #4915: box2d_in() + bogus string crashes server
PostGIS
trac at osgeo.org
Tue May 18 05:10:14 PDT 2021
#4915: box2d_in() + bogus string crashes server
----------------------+---------------------------
Reporter: Robins | Owner: pramsey
Type: defect | Status: new
Priority: medium | Milestone: PostGIS 3.1.2
Component: postgis | Version: 3.0.x
Keywords: box2d_in |
----------------------+---------------------------
`box2d_in()` + bogus string crashes the server.
When `box2d_in()` is fed with a string that has a comma (,) and spaces, it
just crashes the server. It does catch empty strings / nulls / "a,b" but a
regular user could cause DoS by running something like this.
{{{
$ psql
psql (13beta2, server 13.3)
Type "help" for help.
regression=> \dx postgis
List of installed extensions
-[ RECORD 1 ]--------------------------------------------------------------------
Name | postgis
Version | 3.0.3
Schema | public
Description | PostGIS geometry, geography, and raster spatial types and functions
regression=> SELECT plvdate.version();
version
-----------------------------------------------
PostgreSQL PLVdate, version 3.7, October 2018
(1 row)
regression=> SELECT public.box2d_in(plvdate.version()::cstring);
server closed the connection unexpectedly
This probably means the server terminated abnormally
before or while processing the request.
The connection to the server was lost. Attempting reset: Failed.
!?> \q
}}}
--
Ticket URL: <https://trac.osgeo.org/postgis/ticket/4915>
PostGIS <http://trac.osgeo.org/postgis/>
The PostGIS Trac is used for bug, enhancement & task tracking, a user and developer wiki, and a view into the subversion code repository of PostGIS project.