Opened 5 years ago
Closed 5 years ago
#4537 closed defect (fixed)
Leak in WKT collection parser
Reported by: | komzpa | Owned by: | pramsey |
---|---|---|---|
Priority: | medium | Milestone: | PostGIS 3.0.1 |
Component: | postgis | Version: | 2.5.x -- EOL |
Keywords: | Cc: |
Description
https://oss-fuzz.com/testcase-detail/5727346518130688
Input is "TINEMPTY,"
================================================================= ==1==ERROR: LeakSanitizer: detected memory leaks Direct leak of 32 byte(s) in 1 object(s) allocated from: #0 0x496abd in malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3 #1 0x60668e in lwcollection_construct_empty /src/postgis/liblwgeom/lwcollection.c:101:8 #2 0x618bc9 in wkt_parser_collection_finalize /src/postgis/liblwgeom/lwin_wkt.c:813:33 #3 0x6722b2 in wkt_yyparse /src/postgis/liblwgeom/lwin_wkt_parse.y:290:31 #4 0x66e070 in lwgeom_parse_wkt /src/postgis/liblwgeom/lwin_wkt_parse.y:68:13 #5 0x619239 in lwgeom_from_wkt /src/postgis/liblwgeom/lwin_wkt.c:909:20 #6 0x4c9eeb in LLVMFuzzerTestOneInput /src/postgis/fuzzers/wkt_import_fuzzer.cpp:120:26 #7 0x51a716 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:556:15 #8 0x4cb25f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:292:6 #9 0x4d8ec2 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:774:9 #10 0x4ca8a7 in main /src/libfuzzer/FuzzerMain.cpp:19:10 #11 0x7fe3fdac182f in __libc_start_main /build/glibc-LK5gWL/glibc-2.23/csu/libc-start.c:291 ================================================================================ The following leaks are not necessarily related to the first leak. Indirect leak of 8 byte(s) in 1 object(s) allocated from: #0 0x496abd in malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3 #1 0x606741 in lwcollection_construct_empty /src/postgis/liblwgeom/lwcollection.c:107:15 #2 0x618bc9 in wkt_parser_collection_finalize /src/postgis/liblwgeom/lwin_wkt.c:813:33 #3 0x6722b2 in wkt_yyparse /src/postgis/liblwgeom/lwin_wkt_parse.y:290:31 #4 0x66e070 in lwgeom_parse_wkt /src/postgis/liblwgeom/lwin_wkt_parse.y:68:13 #5 0x619239 in lwgeom_from_wkt /src/postgis/liblwgeom/lwin_wkt.c:909:20 #6 0x4c9eeb in LLVMFuzzerTestOneInput /src/postgis/fuzzers/wkt_import_fuzzer.cpp:120:26 #7 0x51a716 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:556:15 #8 0x4cb25f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:292:6 #9 0x4d8ec2 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:774:9 #10 0x4ca8a7 in main /src/libfuzzer/FuzzerMain.cpp:19:10 #11 0x7fe3fdac182f in __libc_start_main /build/glibc-LK5gWL/glibc-2.23/csu/libc-start.c:291 SUMMARY: AddressSanitizer: 40 byte(s) leaked in 2 allocation(s).
Change History (6)
comment:1 by , 5 years ago
Milestone: | PostGIS 2.5.4 → PostGIS 3.0.1 |
---|
comment:2 by , 5 years ago
Note:
See TracTickets
for help on using tickets.
PR: https://github.com/postgis/postgis/pull/494