Opened 23 months ago
Closed 22 months ago
#5315 closed defect (fixed)
ST_Buffer causes segfault on polygon with infinity coordinates
Reported by: | ewie | Owned by: | robe |
---|---|---|---|
Priority: | blocker | Milestone: | PostGIS 3.0.9 |
Component: | postgis | Version: | 3.2.x |
Keywords: | | Cc: | ewie |
Description
The following query causes a segfault that puts Postgres in recovery mode:
SELECT ST_Buffer( ST_Transform( ST_SetSRID( ST_GeomFromText( 'MULTIPOLYGON(((0 0, 1 0, 1 1, 0 1, 0 0)))', 4326 ), 4647 ), 25832 ), 1 );
Postgres log:
2023-01-14 01:21:54.455 CET [4520] LOG: server process (PID 5016) was terminated by exception 0xC0000005
2023-01-14 01:21:54.455 CET [4520] DETAIL: Failed process was running: SELECT ST_Buffer( ST_Transform( ST_SetSRID( ST_GeomFromText( 'MULTIPOLYGON(((0 0, 1 0, 1 1, 0 1, 0 0)))', 4326 ), 4647 ), 25832 ), 1 );
2023-01-14 01:21:54.455 CET [4520] HINT: See C include file "ntstatus.h" for a description of the hexadecimal value.
2023-01-14 01:21:54.455 CET [4520] LOG: terminating any other active server processes
2023-01-14 01:21:54.462 CET [8804] WARNING: terminating connection because of crash of another server process
2023-01-14 01:21:54.462 CET [8804] DETAIL: The postmaster has commanded this server process to roll back the current transaction and exit, because another server process exited abnormally and possibly corrupted shared memory.
2023-01-14 01:21:54.462 CET [8804] HINT: In a moment you should be able to reconnect to the database and repeat your command.
2023-01-14 01:21:54.476 CET [4520] LOG: all server processes terminated; reinitializing
2023-01-14 01:21:54.665 CET [5368] LOG: database system was interrupted; last known up at 2023-01-14 01:01:08 CET
2023-01-14 01:22:29.148 CET [4480] FATAL: the database system is in recovery mode
2023-01-14 01:22:50.260 CET [5368] LOG: database system was not properly shut down; automatic recovery in progress
2023-01-14 01:22:50.440 CET [5368] LOG: redo starts at 157/4F24D0F8
2023-01-14 01:22:50.441 CET [5368] LOG: invalid record length at 157/4F24D1E0: wanted 24, got 0
2023-01-14 01:22:50.441 CET [5368] LOG: redo done at 157/4F24D1A8
2023-01-14 01:22:50.891 CET [4520] LOG: database system is ready to accept connections
The segfault is caused by ST_Buffer. Omitting ST_Buffer or calling it with buffer_or_radius=0 causes no segfault.
Calling ST_SetSRID with srid=4647 before ST_Transform is nonsense but ST_Buffer should not segfault on the resulting geometry. The origin of this query is a database user who erroneously set incorrect SRID 4647 before transforming geometries.
I cannot reproduce it with Docker images postgis/postgis:12-3.2 or postgis/postgis:14-3.3.
Postgres & PostGIS versions
PostgreSQL 12.13, compiled by Visual C++ build 1914, 64-bit POSTGIS="3.2.2 3.2.2" [EXTENSION] PGSQL="120" GEOS="3.10.3-CAPI-1.16.1" SFCGAL="1.4.1" PROJ="7.2.1" GDAL="GDAL 3.4.2, released 2022/03/08 GDAL_DATA not found" LIBXML="2.9.9" LIBJSON="0.12" LIBPROTOBUF="1.2.1" WAGYU="0.5.0 (Internal)" RASTER
PostgreSQL 14.6, compiled by Visual C++ build 1914, 64-bit POSTGIS="3.3.2 3.3.2" [EXTENSION] PGSQL="140" GEOS="3.11.1-CAPI-1.17.1" PROJ="7.2.1" LIBXML="2.9.9" LIBJSON="0.12" LIBPROTOBUF="1.2.1" WAGYU="0.5.0 (Internal)"
System
Microsoft Windows Server 2019 Standard Version 10.0.17763 Build 17763
Attachments (1)
Change History (17)
comment:1 by , 23 months ago
Description: | modified (diff) |
---|
comment:2 by , 23 months ago
Description: | modified (diff) |
---|
comment:3 by , 23 months ago
Milestone: | → PostGIS 3.2.4 |
---|---|
Priority: | medium → blocker |
comment:4 by , 23 months ago
Milestone: | PostGIS 3.2.4 → PostGIS 3.0.9 |
---|---|
Owner: | changed from | to
Summary: | ST_Buffer causes segfault → ST_Buffer causes segfault on polygon with infinity coordinates |
I'm also checking what other functions we are missing infinity checks on that need them.
comment:5 by , 22 months ago
I attached the stacktrace that I got with windbg as described here: https://wiki.postgresql.org/wiki/Using_windbg.exe_to_debug_PostgreSQL.
PostgreSQL 14.6, compiled by Visual C++ build 1914, 64-bit POSTGIS="3.3.2 3.3.2" [EXTENSION] PGSQL="140" GEOS="3.11.1-CAPI-1.17.1" PROJ="7.2.1" LIBXML="2.9.9" LIBJSON="0.12" LIBPROTOBUF="1.2.1" WAGYU="0.5.0 (Internal)"
comment:6 by , 22 months ago
Segfault only occurs when calling ST_Buffer with style endcap=round or endcap=square. Style endcap=flat results in an empty polygon.
comment:10 by , 22 months ago
Milestone: | PostGIS 3.0.9 → PostGIS 3.2.4 |
---|
These changes don't apply cleanly to 3.1 and below, so I think I'll stop at 3.2.4. Also realized I forgot to free, so will make some adjustments and then close these out.
comment:11 by , 22 months ago
Milestone: | PostGIS 3.2.4 → PostGIS 3.0.9 |
---|
Scratch that thought, I think I have it working.
Confirmed it crashes too
But interestingly this doesn't crash:
and gives a:
It doesn't crash on my Linux Debian Arm server running:
POSTGIS="3.3.2 4975da8" [EXTENSION] PGSQL="150" GEOS="3.10.2-CAPI-1.16.0" SFCGAL="SFCGAL 1.4.1, CGAL 5.3.1, BOOST 1.74.0" PROJ="8.2.1" GDAL="GDAL 3.4.1, released 2021/12/27" LIBXML="2.9.13" LIBJSON="0.15" LIBPROTOBUF="1.3.3" WAGYU="0.5.0 (Internal)" (core procs from "3.3.0dev fef762990" need upgrade) TOPOLOGY (topology procs from "3.3.0dev fef762990" need upgrade) RASTER (raster procs from "3.3.0dev fef762990" need upgrade) (sfcgal procs from "3.3.0dev fef762990" need upgrade) PostgreSQL 15.1 (Ubuntu 15.1-1.pgdg22.04+1) on aarch64-unknown-linux-gnu, compiled by gcc (Ubuntu 11.3.0-1ubuntu1~22.04) 11.3.0, 64-bit
It gives an error on both the ST_AsText and ST_Buffer
So I guess the ultimate issue is buffer can't buffer the infinity polygon, which interestingly I can't cast back to a geometry. Gives invalid geometry if I try to do
However on my Linux box
Gives an ERROR: SSL SYSCALL error: EOF detected
which is not quite a crash but should never happen.
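The ticket summary and comment:4 point at missing infinity checks ahead of buffering. The following C sketch is an added example, not the PostGIS fix or any code from this ticket: it shows the general shape of such a guard, rejecting a multipolygon (or a radius) with NaN or infinite ordinates before it reaches a geometry routine. The struct types, function names and sample data are hypothetical and constructed for illustration.

```c
#include <math.h>
#include <stddef.h>

/* Hypothetical, simplified geometry model; these are not PostGIS's structs. */
typedef struct { double x, y; } coord_t;
typedef struct { const coord_t *pts; size_t npts; } ring_t;
typedef struct { const ring_t *rings; size_t nrings; } polygon_t;
typedef struct { const polygon_t *polys; size_t npolys; } multipolygon_t;
typedef enum { COORDS_OK = 0, COORDS_HAS_INF, COORDS_HAS_NAN } coord_status_t;

/* NaN and +/-Infinity are both rejected, but reported separately. */
static coord_status_t classify(double v)
{
    if (isnan(v)) return COORDS_HAS_NAN;
    if (isinf(v)) return COORDS_HAS_INF;
    return COORDS_OK;
}

/* Walk every vertex; on the first non-finite ordinate, store its vertex
 * index within its ring in *bad_pt (if non-NULL) and return the reason. */
coord_status_t multipolygon_check_finite(const multipolygon_t *mp, size_t *bad_pt)
{
    for (size_t p = 0; p < mp->npolys; p++)
        for (size_t r = 0; r < mp->polys[p].nrings; r++) {
            const ring_t *ring = &mp->polys[p].rings[r];
            for (size_t i = 0; i < ring->npts; i++) {
                coord_status_t s = classify(ring->pts[i].x);
                if (s == COORDS_OK) s = classify(ring->pts[i].y);
                if (s == COORDS_OK) continue;
                if (bad_pt) *bad_pt = i;
                return s;
            }
        }
    return COORDS_OK;
}

/* Guard to run before a buffer routine: 0 = safe to proceed, -1 = refuse. */
int buffer_precheck(const multipolygon_t *mp, double radius)
{
    if (!isfinite(radius)) return -1;
    return multipolygon_check_finite(mp, NULL) == COORDS_OK ? 0 : -1;
}

/* Constructed samples: the ticket's unit square, and a ring whose third
 * vertex is infinite (a stand-in for output of a bad reprojection). */
static const coord_t SQUARE_PTS[] = {{0,0},{1,0},{1,1},{0,1},{0,0}};
static const coord_t INF_PTS[] = {{0,0},{1,0},{INFINITY,INFINITY},{0,1},{0,0}};
static const ring_t SQUARE_RING = { SQUARE_PTS, 5 }, INF_RING = { INF_PTS, 5 };
static const polygon_t SQUARE_POLY = { &SQUARE_RING, 1 }, INF_POLY = { &INF_RING, 1 };
const multipolygon_t SQUARE_MP = { &SQUARE_POLY, 1 }, INF_MP = { &INF_POLY, 1 };
```

A caller would turn the -1 result into a regular SQL error, so the backend process stays up and other sessions are not forced through crash recovery.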