Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#4806 closed defect (duplicate)

ST_GeogFromWKB crashes server with segfault

Reported by: pimpaa
Owned by: pramsey
Priority: high
Milestone: PostGIS 3.2.0
Component: postgis
Version: 2.5.x -- EOL
Keywords:
Cc:

Description

Hello friends! Long time no see!

We started to see some problems on our database after we released a specific feature and our team looked into it and we believe that the culprit is a segfault in ST_GeogFromText.

Relevant info:

SELECT * FROM postgis_full_version();

 POSTGIS="2.5.2 r17328" [EXTENSION] PGSQL="110" GEOS="3.7.0-CAPI-1.11.0 673b9939" PROJ="Rel. 5.2.0, September 15th, 2018" GDAL="GDAL 2.3.1, released 2018/06/22" LIBXML="2.9.1" LIBJSON="0.12" LIBPROTOBUF="1.3.0" (core procs from "2.5.1 r17027" need upgrade) RASTER (raster procs from "2.5.1 r17027" need upgrade)
(1 row)

select * from version();
 version
---------
 PostgreSQL 11.8 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-11), 64-bit
(1 row)

We are using AWS RDS.

Due to a bug in our server side code we were, by mistake, sending a WKB POINT to the ST_GeogFromText function. This caused the server to segfault and restart.

While we can fix this on our backend code, my guess is that this should not crash PostgreSQL.

This works:

mainproduction=> SELECT ST_GeogFromWKB(ST_asBinary(ST_GeomFromText('MULTIPOINT ((10 40), (40 30), (20 20), (30 10))')));
 st_geogfromwkb
----------------
 0104000020E610000004000000010100000000000000000024400000000000004440010100000000000000000044400000000000003E4001010000000000000000003440000000000000344001010000000000000000003E400000000000002440
(1 row)

This causes the crash:

mainproduction=> SELECT ST_GeogFromWKB(ST_asBinary(ST_GeomFromText('POINT(1 1)')));
WARNING:  terminating connection because of crash of another server process
DETAIL:  The postmaster has commanded this server process to roll back the current transaction and exit, because another server process exited abnormally and possibly corrupted shared memory.
HINT:  In a moment you should be able to reconnect to the database and repeat your command.
SSL SYSCALL error: EOF detected
The connection to the server was lost. Attempting reset: Succeeded.
psql (13.1 (Debian 13.1-1.pgdg100+1), server 11.8)
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)


Further evidence:

2020-12-01 14:24:49 UTC::@:[26481]:LOG:  server process (PID 19108) was terminated by signal 11: Segmentation fault
2020-12-01 14:24:49 UTC::@:[26481]:DETAIL:  Failed process was running: UPDATE "my table" SET "updated_at" = '2020-12-01T14:24:49.802406'::timestamp, "delivery_geometry" = ST_GeogFromWKB('\x0104000020e6100000010000000101000000a661f888988f5dc0a0de8c9aaf064140'::bytea) WHERE "my_table"."id" = 12149064
2020-12-01 14:24:49 UTC::@:[26481]:LOG:  terminating any other active server processes
2020-12-01 14:24:49 UTC::@:[14782]:WARNING:  terminating connection because of crash of another server process
2020-12-01 14:22:47 UTC::@:[26481]:LOG:  server process (PID 14752) was terminated by signal 11: Segmentation fault
2020-12-01 14:22:47 UTC::@:[26481]:DETAIL:  Failed process was running: UPDATE "my_table" SET "updated_at" = '2020-12-01T14:22:47.135840'::timestamp, "delivery_geometry" = ST_GeogFromWKB('\x0104000020e6100000010000000101000000a661f888988f5dc0a0de8c9aaf064140'::bytea) WHERE "my_table"."id" = 12148923
2020-12-01 14:22:47 UTC::@:[26481]:LOG:  terminating any other active server processes
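
An added example (not part of the ticket and not PostGIS code): a small triage script for PostgreSQL logs like the ones above. It pairs each "terminated by signal" line with the statement in the following DETAIL line and decodes the EWKB header of any bytea literal in it, so the geometry type and SRID behind a backend crash are visible at a glance. The sample log is constructed from the lines in this ticket; the function names are assumptions.

```python
import re
import struct

# Constructed sample, shortened from the log lines quoted in the ticket.
SAMPLE_LOG = r"""
2020-12-01 14:22:47 UTC::@:[26481]:LOG:  server process (PID 14752) was terminated by signal 11: Segmentation fault
2020-12-01 14:22:47 UTC::@:[26481]:DETAIL:  Failed process was running: UPDATE "my_table" SET "delivery_geometry" = ST_GeogFromWKB('\x0104000020e6100000010000000101000000a661f888988f5dc0a0de8c9aaf064140'::bytea) WHERE "my_table"."id" = 1
2020-12-01 14:22:47 UTC::@:[26481]:LOG:  terminating any other active server processes
"""

CRASH = re.compile(r"LOG:\s+server process \(PID (\d+)\) was terminated by signal (\d+)")
DETAIL = re.compile(r"DETAIL:\s+Failed process was running: (.*)")
BYTEA = re.compile(r"'\\x([0-9a-fA-F]+)'::bytea")
GEOM_TYPES = {1: "Point", 2: "LineString", 3: "Polygon", 4: "MultiPoint",
              5: "MultiLineString", 6: "MultiPolygon", 7: "GeometryCollection"}

def ewkb_header(hex_str):
    """Decode geometry type and SRID from an EWKB hex string; None if malformed."""
    raw = bytes.fromhex(hex_str)
    if len(raw) < 5 or raw[0] not in (0, 1):
        return None
    order = "<" if raw[0] == 1 else ">"      # first byte: 1 = little endian
    (word,) = struct.unpack_from(order + "I", raw, 1)
    srid = None
    if word & 0x20000000:                    # EWKB "has SRID" flag
        if len(raw) < 9:
            return None
        (srid,) = struct.unpack_from(order + "I", raw, 5)
    return {"type": GEOM_TYPES.get(word & 0xFF, "unknown"), "srid": srid}

def triage(log_text):
    """Return one finding per crashed backend, with the statement it was running."""
    findings, pending = [], None
    for line in log_text.splitlines():
        m = CRASH.search(line)
        if m:
            pending = {"pid": int(m.group(1)), "signal": int(m.group(2)),
                       "statement": None, "ewkb": []}
            findings.append(pending)
            continue
        m = DETAIL.search(line)
        if m and pending is not None:        # DETAIL belongs to the last crash line
            pending["statement"] = m.group(1)
            pending["ewkb"] = [ewkb_header(h) for h in BYTEA.findall(m.group(1))]
            pending = None
    return findings
```
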

Change History (3)

comment:1 by Algunenano, 4 years ago

Resolution: duplicate
Status: new → closed

This was addressed in #4767, so 3.0.3 and the future 3.1.0 work fine.

comment:2 by komzpa, 4 years ago

Cannot reproduce on 3.0.3. Can you update to 2.5.5 and see if it's still an issue? There were a bunch of related fixes in 2.5.4.

18:39:42 [gis] > SELECT ST_GeogFromText(ST_asBinary(ST_GeomFromText('POINT(1 1)'))::text);
ERROR:  XX000: parse error - invalid geometry
HINT:  "\x" <-- parse error at position 2 within geometry
LOCATION:  pg_parser_errhint, lwgeom_pg.c:183
Time: 0,597 ms
18:39:47 [gis] > select postgis_full_version();
┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│                                                                                                          postgis_full_version                                                                                                           │
├─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ POSTGIS="3.0.3 6660953" [EXTENSION] PGSQL="130" GEOS="3.9.0-CAPI-1.14.0" SFCGAL="1.3.7" PROJ="7.1.0" GDAL="GDAL 3.1.3, released 2020/09/01" LIBXML="2.9.10" LIBJSON="0.15" LIBPROTOBUF="1.3.3" WAGYU="0.4.3 (Internal)" TOPOLOGY RASTER │
└─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
(1 row)

Time: 98,477 ms

comment:3 by pimpaa, 4 years ago

Hello komzpa!

Thanks for the super quick reply.

I can't easily upgrade it to confirm it for you. I'll check on our side and I'll report back. The main idea behind opening this ticket was visibility. Since it's a duplicate, we should be good.

Thanks
