Opened 19 months ago

Closed 19 months ago

#5384 closed defect (fixed)

ST_AsGML with empty nprefix crashes backend

Reported by: strk Owned by: strk
Priority: blocker Milestone: PostGIS 3.0.9
Component: postgis Version: 3.0.x
Keywords: Cc:

Description

As reported in https://lists.osgeo.org/pipermail/postgis-users/2023-May/045954.html I confirm this query crashes the backed as of current 3.3 branch: 

SELECT ST_AsGML(ST_GeomFromText('MULTIPOLYGON(((0 0,0 1,1 1,1 0,0 
0)),((0 0,0 1,1 1,1 0,0 0)))',4326), 15, 0, '', '1');

Change History (14)

comment:1 by strk, 19 months ago

Milestone: PostGIS 3.3.3PostGIS 3.0.9
Version: 3.3.x3.0.x

I've tested the bug being present in all branches back to 3.0

comment:2 by strk, 19 months ago

Interestingly, despite the first argument being a geometry, the inner C code handlign it is the one for geography. Those GML signatures really need some overall cleanup

comment:3 by strk, 19 months ago

Owner: changed from pramsey to strk
Status: newassigned

comment:4 by Sandro Santilli <strk@…>, 19 months ago

In 0ffc9e1/git:

Fix crash in ST_AsGML when given id is longer than given prefix

Includes regress test.
References #5384 in master branch (3.4.0dev)

comment:5 by Sandro Santilli <strk@…>, 19 months ago

Resolution: fixed
Status: assignedclosed

In 72385411/git:

Fix crash in ST_AsGML when given id is longer than given prefix

Includes regress test.
Closes #5384 in 3.0 branch (3.0.9dev)

comment:6 by Sandro Santilli <strk@…>, 19 months ago

In 44507e0/git:

Fix crash in ST_AsGML when given id is longer than given prefix

Includes regress test.
References #5384 in 3.1 branch (3.1.9dev)

comment:7 by Sandro Santilli <strk@…>, 19 months ago

In 5584452/git:

Fix crash in ST_AsGML when given id is longer than given prefix

Includes regress test.
References #5384 in 3.2 branch (3.2.5dev)

comment:8 by Sandro Santilli <strk@…>, 19 months ago

In a303039/git:

Fix crash in ST_AsGML when given id is longer than given prefix

Includes regress test.
References #5384 in 3.3 branch (3.3.3dev)

comment:9 by strk, 19 months ago

Resolution: fixed
Status: closedreopened

Reopening as there are more memory issues in that code path, see https://debbie.postgis.net/job/PostGIS_Regress/25157/console

showing: 20:04:46 +WARNING: problem in alloc set ExprContext: detected write past chunk end in block 0x55c3b87a2590, chunk 0x55c3b87a2628

comment:10 by Sandro Santilli <strk@…>, 19 months ago

In d0b11f0/git:

Fix write past end of block in GML output

References #5384 in master branch (3.4.0dev)

comment:11 by Sandro Santilli <strk@…>, 19 months ago

In b4511a7/git:

Fix write past end of block in GML output

References #5384 in 3.3 branch (3.3.3dev)

comment:12 by Sandro Santilli <strk@…>, 19 months ago

In 0b5a637/git:

Fix write past end of block in GML output

References #5384 in 3.2 branch (3.2.5dev)

comment:13 by Sandro Santilli <strk@…>, 19 months ago

In e0d077c7/git:

Fix write past end of block in GML output

References #5384 in 3.1 branch (3.1.9dev)

comment:14 by Sandro Santilli <strk@…>, 19 months ago

Resolution: fixed
Status: reopenedclosed

In 5faf8b6/git:

Fix write past end of block in GML output

Closes #5384 in 3.0 branch (3.0.9dev)

Note: See TracTickets for help on using tickets.