Opened 12 years ago

Closed 12 years ago

#2195 closed defect (fixed)

[Security] Crash Postgres Service when call ST_OffsetCurve with Identicall point in LineString

Reported by: unnamed38 Owned by: pramsey
Priority: high Milestone: PostGIS GEOS
Component: postgis Version: 2.0.x
Keywords: ST_offsetCurve Crash postgres 9 Cc:

Description

Service postgresSQL 9 crash when it calls the ST_OffsetCurve method with parameter: a linestring composed by same following point point. See as example:

— Crash service postgres 9 SELECT ST_AsText(ST_OffsetCurve(geom, -15, 'quad_segs=4 join=round')) As notsocurvy FROM ST_GeomFromText('LINESTRING(0 0, 1 1, 2 2, 2 2, 2 1, 3 3, 3 1)') As geom;

Test

Windows 7 64bits SELECT PostGIS_full_version(); — "POSTGIS="2.0.1 r9979" GEOS="3.3.5-CAPI-1.7.5" PROJ="Rel. 4.8.0, 6 March 2012" GDAL="GDAL 1.9.1, released 2012/05/15" LIBXML="2.7.8" LIBJSON="UNKNOWN" RASTER" SELECT version(); — "PostgreSQL 9.1.4, compiled by Visual C++ build 1500, 64-bit"

Windows 7 32bits SELECT PostGIS_full_version(); — "POSTGIS="2.0.1 r9979" GEOS="3.3.5-CAPI-1.7.5" PROJ="Rel. 4.8.0, 6 March 2012" GDAL="GDAL 1.9.1, released 2012/05/15 GDAL_DATA not found" LIBXML="2.7.8" LIBJSON="UNKNOWN" RASTER" SELECT version(); — "PostgreSQL 9.2.2, compiled by Visual C++ build 1600, 32-bit"

Linux RedHat 64bits SELECT PostGIS_full_version(); — "POSTGIS="2.0.0 r9605" GEOS="3.3.3-CAPI-1.7.4" PROJ="Rel. 4.7.1, 23 September 2009" GDAL="GDAL 1.7.2, released 2010/04/23" LIBXML="2.7.6" TOPOLOGY RASTER" SELECT version(); — "PostgreSQL 9.1.3 on x86_64-unknown-linux-gnu, compiled by gcc (GCC) 4.4.6 20110731 (Red Hat 4.4.6-3), 64-bit"

I know that using linestring with same following point is not a good way to do but the crash of the database is a real security problem

Attachments (2)

test.sql (168 bytes ) - added by unnamed38 12 years ago.
SQL Query that crash postgres
postgresql-2013-01-30_161500.log (3.2 KB ) - added by unnamed38 12 years ago.
Fench Log for the crash

Download all attachments as: .zip

Change History (4)

by unnamed38, 12 years ago

Attachment: test.sql added

SQL Query that crash postgres

by unnamed38, 12 years ago

Attachment: postgresql-2013-01-30_161500.log added

Fench Log for the crash

comment:1 by robe, 12 years ago

This doesn't seem to crash on my 2.1.0 9.2 64-bit windows: 

PostgreSQL 9.2.2, compiled by Visual C++ build 1600, 64-bitPOSTGIS="2.1.0SVN r11008" GEOS="3.4.0dev-CAPI-1.8.0 r0" PROJ="Rel. 4.8.0, 6 March 2012" GDAL="GDAL 1.9.2, released 2012/10/08" LIBXML="2.7.8" LIBJSON="UNKNOWN" RASTER

Just gives error: 

ERROR:  GEOSOffsetCurve: IllegalArgumentException: RobustDeterminant encountered non-finite numbers

so might be an already fixed bug in GEOS.

comment:2 by strk, 12 years ago

Milestone: PostGIS 2.0.3PostGIS GEOS
Resolution: fixed
Status: newclosed

No crash here too: 

POSTGIS="2.0.2 r11136" GEOS="3.3.8dev-CAPI-1.7.8"

GEOS 3.3.8 was actually released on Feb 27 2013. Assuming fixed.

Note: See TracTickets for help on using tickets.