Opened 10 years ago

Closed 10 years ago

#2772 closed defect (fixed)

Memory corruption in ST_BandPath

Reported by: strk
Owned by: Bborie Park
Priority: high
Milestone: PostGIS 2.0.7
Component: raster
Version: 2.0.x
Keywords: history
Cc:


The ST_BandPath code contains a memory error resulting in random memory being dumped for offline bands, see #2771.

Indeed the code seems to be destroying the memory containing the string before copying it to the final value for return:

Change History (8)

comment:1 by Bborie Park, 10 years ago

Status: new → assigned

comment:2 by strk, 10 years ago

Milestone: PostGIS 2.1.4 → PostGIS 2.0.7
Version: 2.1.x → 2.0.x

2.0 is also affected:

I'm taking a look at fixing it in 2.0

comment:3 by strk, 10 years ago

Forget it, I'm getting coredumps in testapi ! … filing another ticket about that (could be GDAL version related)

comment:4 by Bborie Park, 10 years ago

Still worth fixing.

What stack are you using for 2.0's testapi?

comment:5 by strk, 10 years ago

My patch for 2.0 is this one:

diff --git a/raster/rt_pg/rt_pg.c b/raster/rt_pg/rt_pg.c
index 2ced796..e020e0b 100644
--- a/raster/rt_pg/rt_pg.c
+++ b/raster/rt_pg/rt_pg.c
@@ -2385,10 +2385,10 @@ Datum RASTER_getBandPath(PG_FUNCTION_ARGS)
     bandpath = rt_band_get_ext_path(band);
-               rt_band_destroy(band);
-    rt_raster_destroy(raster);
     if ( ! bandpath )
+        rt_band_destroy(band);
+        rt_raster_destroy(raster);
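
Review bot: nothing at `bandpath = rt_band_get_ext_path(band);` documents that the returned pointer depends on `band` staying alive, which is the condition the removed destroy calls violated. Add a comment there stating that `bandpath` must not be read after `rt_band_destroy(band)`. Also confirm that both added calls under `if ( ! bandpath )` sit inside that branch's braces together with its return; the excerpt shows no braces, and if only the first call were guarded, `raster` would be destroyed on the normal path before the copy.
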
@@ -2398,6 +2398,9 @@ Datum RASTER_getBandPath(PG_FUNCTION_ARGS)
     strcpy((char *) VARDATA(result), bandpath);
+    rt_band_destroy(band);
+    rt_raster_destroy(raster);
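
Review bot: cleanup of `band` and `raster` now lives on two exit paths, under `if ( ! bandpath )` and here after the `strcpy`, so any early return added between them later has to free both itself. If this layout stays, put a short comment above the `strcpy` saying it must precede `rt_band_destroy(band)`, so the calls are not reordered again. Copying the path into its own buffer before any destroy call would instead allow a single cleanup site.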

For the memory corruption I filed #2773

comment:6 by Bborie Park, 10 years ago

I'd have suggested moving the strcpy up instead…

comment:7 by strk, 10 years ago

Your call, I can't test 2.0 and I'm getting ready for the weekend anyway, so it's all yours in all branches. Have fun ! :)

comment:8 by Bborie Park, 10 years ago

Keywords: history added
Resolution: fixed
Status: assigned → closed

I used your patch. Fixed in trunk as of r12631. Fixed in 2.1 as of r12632. Fixed in 2.0 as of r12633
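
The ordering problem discussed in this ticket, as an added example that is not PostGIS code. The `toy_band_*` functions, the poison byte and the sample path are constructed stand-ins, and static storage replaces freed heap memory so that the wrong order gives a deterministic result instead of undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

#define POISON '#'  /* constructed fill byte, like a debug allocator's free pattern */

/* Hypothetical stand-in for an offline band that owns its path string. */
typedef struct { char path[64]; } toy_band;
static toy_band slot;  /* static storage, so reads after destroy stay defined */

static toy_band *toy_band_open(const char *path) {
    snprintf(slot.path, sizeof slot.path, "%s", path);
    return &slot;
}

/* Returns a pointer INTO the band: valid only until toy_band_destroy(). */
static const char *toy_band_get_ext_path(const toy_band *b) { return b->path; }

/* Overwrites the band's string, as releasing its memory would allow. */
static void toy_band_destroy(toy_band *b) {
    memset(b->path, POISON, sizeof b->path - 1);
    b->path[sizeof b->path - 1] = '\0';
}

/* Order described in the ticket: destroy first, copy afterwards. */
static void get_path_buggy(const char *src, char *out, size_t n) {
    toy_band *band = toy_band_open(src);
    const char *bandpath = toy_band_get_ext_path(band);
    toy_band_destroy(band);
    snprintf(out, n, "%s", bandpath);  /* copies poisoned bytes, not the path */
}

/* Order after the patch: copy while the band is alive, then destroy. */
static void get_path_fixed(const char *src, char *out, size_t n) {
    toy_band *band = toy_band_open(src);
    const char *bandpath = toy_band_get_ext_path(band);
    snprintf(out, n, "%s", bandpath);
    toy_band_destroy(band);
}

int main(void) {
    char out[64];
    get_path_buggy("/data/offline.tif", out, sizeof out);
    printf("buggy: %.16s...\n", out);
    get_path_fixed("/data/offline.tif", out, sizeof out);
    printf("fixed: %s\n", out);
    return 0;
}
```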
