Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#4247 closed defect (fixed)

Undefined behaviour in next_float_down / next_float_up

Reported by: Algunenano
Owned by: Algunenano
Priority: high
Milestone: PostGIS 2.3.8
Component: postgis
Version: 2.3.x
Keywords:
Cc:

Description

When passing a double bigger than FLT_MAX or smaller than -FLT_MAX, the behaviour of the function is undefined.

#0  0x00007f8574dd1451 in next_float_down (d=-1.7976931348623157e+308) at lwgeom_api.c:53
53              float result  = d;
(gdb) bt
#0  0x00007f8574dd1451 in next_float_down (d=-1.7976931348623157e+308) at lwgeom_api.c:53
#1  0x00007f8574e9907d in gserialized_from_gbox (gbox=0x55f1780ae898, 
    buf=0x55f1780ae930 "\033y\202J\034y\202J\275\034}H\276\034}Hjx\245Dkx\245D") at g_serialized.c:1159
#2  0x00007f8574e98288 in gserialized_from_lwgeom (geom=0x55f1780ae738, size=0x7ffda6b14c60) at g_serialized.c:1209
#3  0x00007f8574d90fe7 in geometry_serialize (lwgeom=0x55f1780ae738) at lwgeom_pg.c:205
#4  0x00007f8574c04cef in LWGEOM_in (fcinfo=0x7ffda6b14e08) at lwgeom_inout.c:140
Using host libthread_db library "/usr/lib/libthread_db.so.1".
Core was generated by `postgres: raul postgis_reg [local] SELECT  '.
Program terminated with signal SIGILL, Illegal instruction.
#0  0x00007f8574dd1551 in next_float_up (d=-1.7976931348623157e+308) at lwgeom_api.c:71
71              float result  = d;
(gdb) q

This might have an effect when serializing geometries.
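
An added example, not PostGIS code and not the committed patch: one way to keep the narrowing conversion from the backtrace (`float result = d;`) from ever running on an out-of-range double, assuming the two functions return the nearest float at or below and at or above their input. The names `checked_next_float_down`, `checked_next_float_up` and `step_float`, and the choice to saturate at ±FLT_MAX, are assumptions of this example.

```c
#include <float.h>
#include <stdint.h>
#include <string.h>

/* Move a finite float one representable step up or down (IEEE 754 binary32
 * assumed); same result as nextafterf() without needing libm. */
static float step_float(float f, int up)
{
    uint32_t bits;
    memcpy(&bits, &f, sizeof bits);
    if ((bits & 0x7fffffffu) == 0)              /* +0.0 or -0.0 */
        bits = up ? 0x00000001u : 0x80000001u;
    else if ((bits >> 31) == (up ? 0u : 1u))
        bits++;                                 /* away from zero */
    else
        bits--;                                 /* toward zero */
    memcpy(&f, &bits, sizeof f);
    return f;
}

/* Largest float <= d. Hypothetical name; saturates at +/-FLT_MAX. */
float checked_next_float_down(double d)
{
    /* Compare in double first: the narrowing cast below is only reached
     * for values a float can represent, so it is never undefined. */
    if (d > (double)FLT_MAX)
        return FLT_MAX;
    if (d <= (double)-FLT_MAX)
        return -FLT_MAX;
    if (d != d)                                 /* NaN passes through */
        return (float)d;
    float result = (float)d;
    return ((double)result <= d) ? result : step_float(result, 0);
}

/* Smallest float >= d, with the same saturation policy. */
float checked_next_float_up(double d)
{
    if (d >= (double)FLT_MAX)
        return FLT_MAX;
    if (d < (double)-FLT_MAX)
        return -FLT_MAX;
    if (d != d)
        return (float)d;
    float result = (float)d;
    return ((double)result >= d) ? result : step_float(result, 1);
}
```

The value in the backtrace, -1.7976931348623157e+308, is -DBL_MAX; both functions return -FLT_MAX for it without evaluating the cast.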

Change History (8)

comment:2 by Algunenano, 5 years ago

Milestone: PostGIS 3.0.0 → PostGIS 2.4.6
Version: trunk → 2.4.x

This affects all releases under maintenance but, since the function changed in 2.4, I'm only applying the patch to 2.4, 2.5 and trunk.

comment:3 by Raul Marin, 5 years ago

In 17035:

Avoid undefined behaviour in next_float functions (Raúl Marín)

References #4247

comment:4 by Raul Marin, 5 years ago

In 17036:

Avoid undefined behaviour in next_float functions (Raúl Marín)

References #4247

comment:5 by Raul Marin, 5 years ago

In 17037:

Avoid undefined behaviour in next_float functions (Raúl Marín)

References #4247

comment:6 by Raul Marin, 5 years ago

Resolution: fixed
Status: assigned → closed

In 17038:

Avoid undefined behaviour in next_float functions (Raúl Marín)

Closes #4247
Closes https://github.com/postgis/postgis/pull/339

comment:7 by Algunenano, 5 years ago

Milestone: PostGIS 2.4.6 → PostGIS 2.5.2

comment:8 by Algunenano, 5 years ago

Milestone: PostGIS 2.5.2 → PostGIS 2.3.8
Version: 2.4.x → 2.3.x