Opened 5 years ago

Closed 5 years ago

#4466 closed defect (fixed)

UBSAN in _postgis_gserialized_stats

Reported by: Algunenano Owned by: pramsey
Priority: medium Milestone: PostGIS 2.3.10
Component: postgis Version: 2.3.x
Keywords: Cc:

Description

_postgis_gserialized_stats is reading 4 parameters but only 3 are ever passed.

Dump: 

#0  0x00007fae2e0f94ee in _postgis_gserialized_stats (fcinfo=0x5612f5fa1090) at gserialized_estimate.c:2087
2087            if ( ! PG_ARGISNULL(3) )
(gdb) bt
#0  0x00007fae2e0f94ee in _postgis_gserialized_stats (fcinfo=0x5612f5fa1090) at gserialized_estimate.c:2087
#1  0x00005612f3d23b13 in ExecInterpExpr (state=0x5612f5fa0fa8, econtext=0x5612f5fa0c98, isnull=0x7ffe886e4faf) at execExpr
#2  0x00005612f3d5ea54 in ExecEvalExprSwitchContext (state=0x5612f5fa0fa8, econtext=0x5612f5fa0c98, isNull=0x7ed43954744d00
    at ../../../src/include/executor/executor.h:307
#3  ExecProject (projInfo=0x5612f5fa0fa0) at ../../../src/include/executor/executor.h:341
#4  ExecResult (pstate=<optimized out>) at nodeResult.c:136
#5  0x00005612f3d2c3bc in ExecProcNode (node=<optimized out>) at ../../../src/include/executor/executor.h:239
#6  ExecutePlan (estate=<optimized out>, planstate=0x5612f5fa0b80, operation=<optimized out>, numberTuples=<optimized out>,
    direction=<optimized out>, dest=0x5612f5fafaa8, use_parallel_mode=<optimized out>, sendTuples=<optimized out>, 
    execute_once=<optimized out>) at execMain.c:1648
#7  standard_ExecutorRun (queryDesc=<optimized out>, direction=<optimized out>, count=0, execute_once=<optimized out>) at e
#8  0x00005612f3ed918b in PortalRunSelect (portal=0x5612f5f2bc68, forward=<optimized out>, count=0, dest=<optimized out>) a
#9  0x00005612f3ed8c7a in PortalRun (portal=0x5612f5f2bc68, count=9223372036854775807, isTopLevel=<optimized out>, 
    run_once=<optimized out>, dest=0x5612f5fafaa8, altdest=0x5612f5fafaa8, completionTag=0x7ffe886e5240 "") at pquery.c:770
#10 0x00005612f3ed78ba in exec_simple_query (query_string=0x5612f5ec2408 "select _postgis_stats('no_stats','g');") at postg
#11 0x00005612f3ed50d7 in PostgresMain (argc=<optimized out>, argv=<optimized out>, dbname=<optimized out>, username=<optim
    at postgres.c:4245

Change History (5)

comment:1 by Algunenano, 5 years ago

Related to https://github.com/postgis/postgis/pull/430 (it was detected and fixed there)

comment:2 by Raul Marin, 5 years ago

In 17632:

Fix undefined behaviour in _postgis_gserialized_stats

References #4466

comment:3 by Raul Marin, 5 years ago

In 17633:

Fix undefined behaviour in _postgis_gserialized_stats

References #4466

comment:4 by Raul Marin, 5 years ago

In 17634:

Fix undefined behaviour in _postgis_gserialized_stats

References #4466

comment:5 by Raul Marin, 5 years ago

Resolution: fixed
Status: newclosed

In 17635:

Fix undefined behaviour in _postgis_gserialized_stats

Closes #4466

Note: See TracTickets for help on using tickets.