Opened 4 years ago

Closed 4 years ago

#4537 closed defect (fixed)

Leak in WKT collection parser

Reported by: komzpa Owned by: pramsey
Priority: medium Milestone: PostGIS 3.0.1
Component: postgis Version: 2.5.x -- EOL
Keywords: Cc:

Description

https://oss-fuzz.com/testcase-detail/5727346518130688

Input is "TINEMPTY,"

=================================================================
==1==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x496abd in malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
    #1 0x60668e in lwcollection_construct_empty /src/postgis/liblwgeom/lwcollection.c:101:8
    #2 0x618bc9 in wkt_parser_collection_finalize /src/postgis/liblwgeom/lwin_wkt.c:813:33
    #3 0x6722b2 in wkt_yyparse /src/postgis/liblwgeom/lwin_wkt_parse.y:290:31
    #4 0x66e070 in lwgeom_parse_wkt /src/postgis/liblwgeom/lwin_wkt_parse.y:68:13
    #5 0x619239 in lwgeom_from_wkt /src/postgis/liblwgeom/lwin_wkt.c:909:20
    #6 0x4c9eeb in LLVMFuzzerTestOneInput /src/postgis/fuzzers/wkt_import_fuzzer.cpp:120:26
    #7 0x51a716 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:556:15
    #8 0x4cb25f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:292:6
    #9 0x4d8ec2 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:774:9
    #10 0x4ca8a7 in main /src/libfuzzer/FuzzerMain.cpp:19:10
    #11 0x7fe3fdac182f in __libc_start_main /build/glibc-LK5gWL/glibc-2.23/csu/libc-start.c:291
================================================================================
The following leaks are not necessarily related to the first leak.
Indirect leak of 8 byte(s) in 1 object(s) allocated from:
    #0 0x496abd in malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
    #1 0x606741 in lwcollection_construct_empty /src/postgis/liblwgeom/lwcollection.c:107:15
    #2 0x618bc9 in wkt_parser_collection_finalize /src/postgis/liblwgeom/lwin_wkt.c:813:33
    #3 0x6722b2 in wkt_yyparse /src/postgis/liblwgeom/lwin_wkt_parse.y:290:31
    #4 0x66e070 in lwgeom_parse_wkt /src/postgis/liblwgeom/lwin_wkt_parse.y:68:13
    #5 0x619239 in lwgeom_from_wkt /src/postgis/liblwgeom/lwin_wkt.c:909:20
    #6 0x4c9eeb in LLVMFuzzerTestOneInput /src/postgis/fuzzers/wkt_import_fuzzer.cpp:120:26
    #7 0x51a716 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:556:15
    #8 0x4cb25f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:292:6
    #9 0x4d8ec2 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:774:9
    #10 0x4ca8a7 in main /src/libfuzzer/FuzzerMain.cpp:19:10
    #11 0x7fe3fdac182f in __libc_start_main /build/glibc-LK5gWL/glibc-2.23/csu/libc-start.c:291
SUMMARY: AddressSanitizer: 40 byte(s) leaked in 2 allocation(s).
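
The trace above shows the pattern behind the leak: the grammar action for the EMPTY collection rule allocates the result (lwcollection_construct_empty, two heap objects: the struct and its geometry array, matching the 32-byte direct and 8-byte indirect leaks), and the parser then fails on the trailing "," without releasing what was already built. The following is an added example, not PostGIS code: a toy "<TYPE>EMPTY" parser with a flag that switches between the leaky error path and the fixed one, counting live heap objects so the leak is observable without a sanitizer. All names (collection_t, parse_wkt_collection, leaked_after_parse, live_allocs) are invented for the illustration.

```c
/* Added example (not PostGIS code): reproduce the leak pattern from the
 * report on "TINEMPTY," and show the fix (free the partial result when
 * the parser bails out after the collection has been allocated). */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Count live heap objects so the leak is visible without LeakSanitizer. */
static int live_allocs = 0;

typedef struct {
    int ngeoms;   /* number of sub-geometries, 0 for EMPTY */
    void **geoms; /* sub-geometry array (allocated even when empty) */
} collection_t;

/* Two allocations, mirroring the direct + indirect leak in the report. */
static collection_t *collection_construct_empty(void) {
    collection_t *c = malloc(sizeof *c);
    live_allocs++;
    c->ngeoms = 0;
    c->geoms = malloc(sizeof(void *));
    live_allocs++;
    return c;
}

static void collection_free(collection_t *c) {
    if (!c) return;
    free(c->geoms); live_allocs--;
    free(c);        live_allocs--;
}

typedef struct {
    collection_t *geom;  /* non-NULL on success, owned by the caller */
    const char *error;   /* non-NULL on failure */
} parse_result_t;

/* Accepts exactly "<TYPE>EMPTY" (e.g. "TINEMPTY") with nothing after it.
 * free_on_error == 0 reproduces the leak; free_on_error == 1 is the fix. */
static parse_result_t parse_wkt_collection(const char *wkt, int free_on_error) {
    parse_result_t r = { NULL, NULL };
    const char *s = wkt;
    while (isspace((unsigned char)*s)) s++;
    const char *tok = s;
    while (isalpha((unsigned char)*s)) s++;
    size_t len = (size_t)(s - tok);
    /* need a non-empty type name followed by the EMPTY keyword */
    if (len < 6 || strncmp(tok + len - 5, "EMPTY", 5) != 0) {
        r.error = "only <TYPE>EMPTY is supported here";
        return r;  /* nothing allocated yet: no leak possible */
    }
    /* the EMPTY rule's action runs now and allocates the result */
    collection_t *c = collection_construct_empty();
    /* the grammar then requires end of input; "TINEMPTY," fails here */
    while (isspace((unsigned char)*s)) s++;
    if (*s != '\0') {
        if (free_on_error) collection_free(c);  /* the fix */
        r.error = "syntax error: unexpected trailing input";
        return r;  /* without the free above, c is lost here */
    }
    r.geom = c;
    return r;
}

/* Number of heap objects still alive after parsing wkt and freeing any
 * successful result, i.e. the number of leaked objects. */
static int leaked_after_parse(const char *wkt, int free_on_error) {
    live_allocs = 0;
    parse_result_t r = parse_wkt_collection(wkt, free_on_error);
    collection_free(r.geom);
    return live_allocs;
}

int main(void) {
    printf("leaky  \"TINEMPTY,\": %d objects leaked\n", leaked_after_parse("TINEMPTY,", 0));
    printf("fixed  \"TINEMPTY,\": %d objects leaked\n", leaked_after_parse("TINEMPTY,", 1));
    printf("fixed  \"TINEMPTY\" : %d objects leaked\n", leaked_after_parse("TINEMPTY", 1));
    return 0;
}
```

Building the leaky variant with clang or gcc and `-fsanitize=address` makes LeakSanitizer print the same two-allocation report as the ticket (one direct leak for the struct, one indirect leak for the array it owns); the fixed variant runs clean. The general rule the fix applies is that every error exit in a parser action must release whatever earlier actions have already allocated for the partial result.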

Change History (6)

comment:1 by komzpa, 4 years ago

Milestone: PostGIS 2.5.4 → PostGIS 3.0.1

comment:3 by Raul Marin, 4 years ago

In 17900:

Fix leak in WKT collection parser

References #4537

comment:4 by Raul Marin, 4 years ago

In 17901:

Fix leak in WKT collection parser

References #4537

comment:5 by Raul Marin, 4 years ago

In 17902:

Fix leak in WKT collection parser

References #4537

comment:6 by Raul Marin, 4 years ago

Resolution: fixed
Status: new → closed

In 17903:

Fix leak in WKT collection parser

Closes #4537
Closes https://github.com/postgis/postgis/pull/494
