Opened 6 years ago
Closed 6 years ago
#4191 closed defect (fixed)
Undefined behaviour in ptarray_clone_deep
Reported by: | Algunenano | Owned by: | Algunenano |
---|---|---|---|
Priority: | medium | Milestone: | PostGIS 2.2.8 |
Component: | postgis | Version: | 2.2.x |
Keywords: | Cc: |
Description
Detected running regress tickets under `gcc -fsanitize=undefined -fsanitize-undefined-trap-on-error`.
There is a zero length allocation that can lead to `out->serialized_pointlist` being NULL (https://wiki.sei.cmu.edu/confluence/display/c/MEM04-C.+Beware+of+zero-length+allocations), which is not valid as input for `memcpy`:

> If an argument to a function has an invalid value (such as a value outside the domain of the function, or a pointer outside the address space of the program, or a null pointer, or a pointer to non-modifiable storage when the corresponding parameter is not const-qualified) or a type (after promotion) not expected by a function with variable number of arguments, the behavior is undefined.
```
Core was generated by `postgres: raul postgis_reg [local] SELECT '.
Program terminated with signal SIGILL, Illegal instruction.
#0  0x00007f1aebe19e41 in ptarray_clone_deep (in=0x55c488ddf5f0) at ptarray.c:637
637		memcpy(out->serialized_pointlist, in->serialized_pointlist, size);
(gdb) p size
$1 = 0
(gdb) p *in
$3 = {serialized_pointlist = 0x0, flags = 0 '\000', npoints = 0, maxpoints = 0}
(gdb) bt
#0  0x00007f1aebe19e41 in ptarray_clone_deep (in=0x55c488ddf5f0) at ptarray.c:637
#1  0x00007f1aebe2b0a2 in lwline_clone_deep (g=0x55c488ddf5c0) at lwline.c:126
#2  0x00007f1aebe22329 in lwgeom_clone_deep (lwgeom=0x55c488ddf5c0) at lwgeom.c:522
#3  0x00007f1aebe34436 in lwcollection_clone_deep (g=0x55c488ddf570) at lwcollection.c:159
#4  0x00007f1aebe22347 in lwgeom_clone_deep (lwgeom=0x55c488ddf570) at lwgeom.c:535
#5  0x00007f1aebeb3b5a in lwgeom_linemerge (geom=0x55c488ddf570) at lwgeom_geos.c:642
#6  0x00007f1aebccd73c in linemerge (fcinfo=0x55c488dbdfd0) at lwgeom_geos.c:3041
#7  0x000055c487667870 in ExecInterpExpr (state=0x55c488dbd688, econtext=0x55c488dbcea0, isnull=0x7fffc06a8ddf) at execExprInterp.c:678
```
WIP in https://github.com/postgis/postgis/pull/311
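The bug class the ticket describes, shown as an added example that is not PostGIS code and not the fix in the pull request above: a deep-copy routine computes `size = npoints * point_size`, allocates `size` bytes, and passes the result to `memcpy`. For an empty point array `size` is 0, `malloc(0)` may legitimately return NULL, and `memcpy` with a null argument is undefined behaviour even when the length is 0 (the sanitizer flags the null argument; with `-fsanitize-undefined-trap-on-error` that becomes the SIGILL in the backtrace). The struct below copies only the field names printed by gdb (`serialized_pointlist`, `flags`, `npoints`, `maxpoints`) so it reads against the trace; its layout, the 2D-double point size and every function name are assumptions for illustration. The guarded variant skips both the allocation and the copy when there is nothing to copy, which is the check a reviewer would want on any such clone path.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical point array shaped like the struct gdb printed above.
 * Not PostGIS's POINTARRAY; 2D double points are an assumption. */
typedef struct {
    uint8_t *serialized_pointlist;
    uint8_t flags;
    uint32_t npoints;
    uint32_t maxpoints;
} PTARRAY;

#define POINT_SIZE (2 * sizeof(double))

/* The pattern the ticket reports (paraphrased, not the original code).
 * With npoints == 0, size is 0, malloc(0) may return NULL, and memcpy
 * then receives a null pointer: undefined behaviour regardless of size. */
static PTARRAY *ptarray_clone_deep_unguarded(const PTARRAY *in) {
    PTARRAY *out = malloc(sizeof(*out));
    if (!out) return NULL;
    size_t size = (size_t)in->npoints * POINT_SIZE;
    out->flags = in->flags;
    out->npoints = in->npoints;
    out->maxpoints = in->npoints;
    out->serialized_pointlist = malloc(size); /* NULL is legal when size == 0 */
    memcpy(out->serialized_pointlist, in->serialized_pointlist, size);
    return out;
}

/* Hardened form: never allocate zero bytes, never hand memcpy a null
 * pointer. An empty input yields an empty output with a NULL pointlist,
 * which callers treat as "no points". */
static PTARRAY *ptarray_clone_deep_guarded(const PTARRAY *in) {
    PTARRAY *out = malloc(sizeof(*out));
    if (!out) return NULL;
    out->flags = in->flags;
    out->npoints = in->npoints;
    out->maxpoints = in->npoints;
    out->serialized_pointlist = NULL;
    if (in->npoints > 0 && in->serialized_pointlist != NULL) {
        size_t size = (size_t)in->npoints * POINT_SIZE;
        out->serialized_pointlist = malloc(size);
        if (!out->serialized_pointlist) { free(out); return NULL; }
        memcpy(out->serialized_pointlist, in->serialized_pointlist, size);
    }
    return out;
}

static void ptarray_free(PTARRAY *pa) {
    if (!pa) return;
    free(pa->serialized_pointlist);
    free(pa);
}

/* Check helper: build a constructed input with npoints points (0 allowed),
 * clone it with the guarded routine, verify the copy is a distinct,
 * byte-identical buffer (or NULL for an empty array). Returns 1 on success. */
static int clone_roundtrip_ok(uint32_t npoints) {
    PTARRAY in = { NULL, 0, npoints, npoints };
    double *pts = NULL;
    if (npoints) {
        pts = malloc((size_t)npoints * POINT_SIZE);
        if (!pts) return 0;
        for (uint32_t i = 0; i < 2 * npoints; i++) pts[i] = (double)i;
        in.serialized_pointlist = (uint8_t *)pts;
    }
    PTARRAY *out = ptarray_clone_deep_guarded(&in);
    int ok = out != NULL && out->npoints == npoints;
    if (ok && npoints) {
        ok = out->serialized_pointlist != in.serialized_pointlist &&
             memcmp(out->serialized_pointlist, in.serialized_pointlist,
                    (size_t)npoints * POINT_SIZE) == 0;
    } else if (ok) {
        ok = out->serialized_pointlist == NULL;
    }
    ptarray_free(out);
    free(pts);
    return ok;
}

int main(void) {
    /* Non-empty input is fine for both variants. */
    double two[4] = { 1.0, 2.0, 3.0, 4.0 };
    PTARRAY in = { (uint8_t *)two, 0, 2, 2 };
    PTARRAY *a = ptarray_clone_deep_unguarded(&in);
    ptarray_free(a);
    /* Empty input: only the guarded clone is safe. Calling the unguarded
     * one here under gcc -fsanitize=undefined reproduces the trap. */
    printf("empty ok: %d, two points ok: %d\n",
           clone_roundtrip_ok(0), clone_roundtrip_ok(2));
    return 0;
}
```

Compile with `gcc -fsanitize=undefined -fsanitize-undefined-trap-on-error` and call `ptarray_clone_deep_unguarded` on the empty array to see the same SIGILL; the guarded routine survives the same input because it never reaches `memcpy`.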