Opened 12 years ago

Closed 12 years ago

Last modified 11 years ago

#1936 closed defect (fixed)

gml xml string crashes postgresql server

Reported by: fordfrog Owned by: pramsey
Priority: high Milestone: PostGIS 2.0.2
Component: postgis Version: 2.0.x
Keywords: history Cc: petr@…

Description

The attached statement crashes PostgreSQL. I have PostgreSQL 9.1.4 with PostGIS 2.0.1 running on Gentoo Linux.

Attachments (2)

postgis_crash.sql (11.4 KB ) - added by fordfrog 12 years ago.
statement crashing postgresql server
backtrace.txt (1.3 KB ) - added by xificurk 12 years ago.
Backtrace for the postgis_crash.sql generated on POSTGIS="2.0.0 r9605" GEOS="3.3.3-CAPI-1.7.4" PROJ="Rel. 4.8.0, 6 March 2012" LIBXML="2.8.0".


Change History (12)

by fordfrog, 12 years ago

Attachment: postgis_crash.sql added

statement crashing postgresql server

comment:1 by robe, 12 years ago

Priority: medium → high

Crashes for me too under Windows; tested with:

2.1.0SVN GEOS=3.4.0dev-CAPI-1.8.0 PROJ="Rel. 4.8.0, 6 March 2012" GDAL="GDAL 1.9.1, released 2012/05/15" LIBXML="2.7.8"

by xificurk, 12 years ago

Attachment: backtrace.txt added

Backtrace for the postgis_crash.sql generated on POSTGIS="2.0.0 r9605" GEOS="3.3.3-CAPI-1.7.4" PROJ="Rel. 4.8.0, 6 March 2012" LIBXML="2.8.0".

comment:2 by xificurk, 12 years ago

I've noticed that when I remove the gml:interior element from the query, the database does not crash but reports an invalid GML representation, although at first glance it seems valid.

comment:3 by xificurk, 12 years ago

Cc: petr@… added

comment:4 by pramsey, 12 years ago

This much smaller one also takes it down under OSX (I just removed most of the ordinates, and kept the structure).

select st_astext(st_geomfromgml(
    '<gml:Polygon xmlns:gml="http://www.opengis.net/gml/3.2" 
    gml:id="HPA.15449990010" srsName="urn:ogc:def:crs:EPSG::2065" 
    srsDimension="2">
    <gml:exterior><gml:Ring>
    <gml:curveMember><gml:LineString gml:id="HPA.15449990010.1"><gml:posList>711540.35 1070163.61 711523.82 1070166.54 711521.30 1070164.14 711519.52 1070162.44 711518.57 1070164.62 712154.47 1070824.94</gml:posList></gml:LineString></gml:curveMember><gml:curveMember><gml:Curve gml:id="HPA.15449990010.2"><gml:segments><gml:ArcString><gml:posList>712154.47 1070824.94 712154.98 1070826.04 712154.41 1070827.22</gml:posList></gml:ArcString></gml:segments></gml:Curve></gml:curveMember><gml:curveMember><gml:LineString gml:id="HPA.15449990010.3"><gml:posList>712154.41 1070827.22 712160.31 1070837.07 712160.92 1070835.36 712207.89 1071007.95</gml:posList></gml:LineString></gml:curveMember><gml:curveMember><gml:Curve gml:id="HPA.15449990010.4"><gml:segments><gml:ArcString><gml:posList>712207.89 1071007.95 712207.48 1071005.59 712208.38 1071001.28</gml:posList></gml:ArcString></gml:segments></gml:Curve></gml:curveMember><gml:curveMember><gml:LineString gml:id="HPA.15449990010.5"><gml:posList>712208.38 1071001.28 712228.74 1070949.67 712233.98 1070936.15 712124.93 1070788.72</gml:posList></gml:LineString></gml:curveMember><gml:curveMember><gml:Curve gml:id="HPA.15449990010.6"><gml:segments><gml:ArcString><gml:posList>712124.93 1070788.72 712124.28 1070785.87 712124.63 1070783.38</gml:posList></gml:ArcString></gml:segments></gml:Curve></gml:curveMember><gml:curveMember><gml:LineString gml:id="HPA.15449990010.7"><gml:posList>712124.63 1070783.38 712141.04 1070764.12 712146.60 1070757.01 711540.35 1070163.61</gml:posList></gml:LineString></gml:curveMember></gml:Ring></gml:exterior><gml:interior><gml:LinearRing><gml:posList>713061.62 1070354.46 713053.59 1070335.12 713049.58 1070315.92 713049.65 1070298.33 713061.62 1070354.46</gml:posList></gml:LinearRing></gml:interior></gml:Polygon>'));

comment:5 by pramsey, 12 years ago

It also kills 1.5, documented in #1985

comment:6 by colivier, 12 years ago

I didn't notice this ticket before, sorry for that.

From Paul's request, a simpler one is able to reproduce this issue:

SELECT ST_GeomFromGML(' <gml:Polygon xmlns:gml="http://www.opengis.net/gml/3.2" gml:id="HPA.15449990010" srsName="urn:ogc:def:crs:EPSG::2065" srsDimension="2">
    <gml:interior>
    <gml:LinearRing>
    <gml:posList>713061.62 1070354.46 713053.59 1070335.12 713049.58 1070315.92 713049.65 1070298.33 713061.62 1070354.46</gml:posList>
    </gml:LinearRing>
    </gml:interior>
    </gml:Polygon> ');

After a quick code review, this patch should fix this issue,

Index: lwgeom_in_gml.c =================================================================== —- lwgeom_in_gml.c (revision 10251) +++ lwgeom_in_gml.c (working copy) @@ -1147,7 +1147,7 @@

/* Polygon/exterior → GML 3.1.1 */ if (xa→type != XML_ELEMENT_NODE) continue; if (!is_gml_namespace(xa, false)) continue;

  • if (strcmp((char *) xa→name, "outerBoundaryIs") &&
+ if (strcmp((char *) xa→name, "outerBoundaryIs")

strcmp((char *) xa→name, "exterior")) continue;

for (xb = xa→children ; xb != NULL ; xb = xb→next)
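Review bot: On the changed `if` in the Polygon/exterior block, the `+` line as shown ends after the first `strcmp(...)` with no operator before the `strcmp(..., "exterior")` context line, so it does not compile as posted. If the intended operator is `||`, the condition is true for every element, because a name cannot equal both "outerBoundaryIs" and "exterior", and the loop would `continue` past the exterior ring itself; the original `&&` is the form that skips only elements matching neither name. Please repost the hunk with the operator visible, together with a test that a plain exterior LinearRing still parses.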

@@ -1174,7 +1174,7 @@

/* Polygon/interior → GML 3.1.1 */ if (xa→type != XML_ELEMENT_NODE) continue; if (!is_gml_namespace(xa, false)) continue;

  • if (strcmp((char *) xa→name, "innerBoundaryIs") &&
+ if (strcmp((char *) xa→name, "innerBoundaryIs")

strcmp((char *) xa→name, "interior")) continue;

for (xb = xa→children ; xb != NULL ; xb = xb→next)
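Review bot: The Polygon/interior block changes only the name test, and nothing in the visible lines checks that an exterior ring was actually read before interior rings are processed. The reduced query above has a gml:interior and no gml:exterior, so that is the case to guard explicitly: raise the invalid-GML error when an interior is encountered and no exterior was parsed, and add that query as a regression test.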

I didn't yet check with unit tests to be sure there's no regression. I could look at it again Sunday evening.

comment:7 by pramsey, 12 years ago

I have a fix pending actually, passes tests.

comment:8 by pramsey, 12 years ago

Resolution: fixed
Status: new → closed

Fix committed to 2.0 at r10253 and trunk at r10255

comment:9 by pramsey, 12 years ago

The fix removes the crash, but does not handle the geometry, which is a CurvePolygon. I've ticketed curve support in GML here: #1986
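An added example, not part of the ticket and not PostGIS code: a pre-check an application could run on incoming GML before passing it to ST_GeomFromGML on a server that does not yet have the fix, flagging the structure both reproducers in this ticket share (a gml:Polygon with an interior ring but no exterior containing a gml:LinearRing). The function names, ids and sample documents are constructed, and treating that structure as the thing to reject is an assumption drawn from the comments above.

```python
import xml.etree.ElementTree as ET

# Names as they appear in the ticket's GML and patch; both GML namespaces accepted.
GML_NS = ("http://www.opengis.net/gml", "http://www.opengis.net/gml/3.2")
EXTERIOR = ("exterior", "outerBoundaryIs")
INTERIOR = ("interior", "innerBoundaryIs")

def _is_gml(elem, names):
    """True if elem is in a GML namespace and its local name is in names."""
    ns, _, local = elem.tag[1:].partition("}") if elem.tag.startswith("{") else ("", "", elem.tag)
    return ns in GML_NS and local in names

def risky_polygons(gml_text):
    """Return the gml:id of every gml:Polygon that carries interior rings but no
    exterior holding a gml:LinearRing. Raises ValueError on DOCTYPE or bad XML."""
    if "<!doctype" in gml_text.lower():
        raise ValueError("DOCTYPE declarations are not accepted in GML input")
    try:
        root = ET.fromstring(gml_text)
    except ET.ParseError as exc:
        raise ValueError(f"malformed XML: {exc}") from exc
    findings = []
    for poly in root.iter():
        if not _is_gml(poly, ("Polygon",)):
            continue
        has_interior = any(_is_gml(c, INTERIOR) for c in poly)
        linear_exterior = any(
            _is_gml(c, EXTERIOR) and any(_is_gml(r, ("LinearRing",)) for r in c)
            for c in poly
        )
        if has_interior and not linear_exterior:
            findings.append(next((v for k, v in poly.attrib.items() if k.endswith("}id")), "<no id>"))
    return findings

# Constructed samples (short coordinates, hypothetical ids), not the ticket's attachment.
_HEAD = '<gml:Polygon xmlns:gml="http://www.opengis.net/gml/3.2" gml:id="%s">'
_RING = "<gml:LinearRing><gml:posList>0 0 4 0 4 4 0 0</gml:posList></gml:LinearRing>"
_HOLE = "<gml:interior>" + _RING + "</gml:interior>"
INTERIOR_ONLY = _HEAD % "demo.1" + _HOLE + "</gml:Polygon>"
CURVE_EXTERIOR = (_HEAD % "demo.2" + "<gml:exterior><gml:Ring><gml:curveMember>"
                  "<gml:LineString><gml:posList>0 0 9 0 9 9 0 0</gml:posList></gml:LineString>"
                  "</gml:curveMember></gml:Ring></gml:exterior>" + _HOLE + "</gml:Polygon>")
LINEAR = _HEAD % "demo.3" + "<gml:exterior>" + _RING + "</gml:exterior>" + _HOLE + "</gml:Polygon>"

if __name__ == "__main__":
    for name, doc in (("interior only", INTERIOR_ONLY), ("Ring exterior", CURVE_EXTERIOR), ("linear", LINEAR)):
        print(name, "->", risky_polygons(doc) or "ok")
```

An empty result means only that this one structure is absent; it is a stopgap in front of an unpatched server, not a substitute for upgrading to a release that contains the fix.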

comment:10 by robe, 11 years ago

Keywords: history added