#4709 closed defect (fixed)
Backend crash with TopoGeo_addLinestring against an invalid topology (2)
| Reported by: | strk | Owned by: | strk |
|---|---|---|---|
| Priority: | blocker | Milestone: | |
| Component: | topology | Version: | master |
| Keywords: | Cc: |
Description
In some circumstance, the TopoGeo_addLinestring function ends up finding N edges forming a ring from one of the edges resulting from the input linestring (this operation is performed by following edge linking information) and later fails to find all the corresponding edge_data records in the topology primitive table.
NOTICE: failed after trying with tolerance 6.75 : XX000 message: Unexpected error: 6461 edges found when expecting 6462 detail : hint : context: SQ
L statement "SELECT ARRAY(SELECT topology.TopoGeo_addLinestring('test_topo_t4','0102000020E9640000040000003B28C645D88B1A41366677CC3F675B413B28C645B08B1A
4123A36AD93E675B413B28C645608B1A41FD1C51F33C675B413B28C645388B1A41EA5944003C675B41',6.75))"
When such occurrence happens, the cleanup code in _lwt_MakeRingShell attempts to release the expected number of edges, rather than the obtained number of edges, resulting in potential access to unallocated memory (segfault)
This is a followup of #4706 and the fix needs be backported to all relevant branches.
Change History (14)
comment:1 by , 4 years ago
comment:2 by , 4 years ago
The fix seems easy, but we need to find out how it is possible to think more edges than available when that's not the case. Theoretically we have a referencial integrity in place so it should NOT be possible for an edge to reference non-existing edges, but maybe such constraint is verified only at the end of the transaction thus leaving the door open to such occurrence. For a test we might intentionally lift the referencial integrity constraint, corrupt the topolody, call the function.
comment:4 by , 4 years ago
NOTE: edge linking corruptions are NOT correctly handled by ValidateTopology, as reported in #3042
comment:5 by , 4 years ago
Referencial integrity checks for edge linking are DEFERRED by default, which explains why it is possible to obtain such behavior:
"next_left_edge_exists" FOREIGN KEY (abs_next_left_edge) REFERENCES city_data.edge_data(edge_id) DEFERRABLE INITIALLY DEFERRED
"next_right_edge_exists" FOREIGN KEY (abs_next_right_edge) REFERENCES city_data.edge_data(edge_id) DEFERRABLE INITIALLY DEFERRED
comment:6 by , 4 years ago
For the record, while trying a few things to corrupt the topology and invoke the ST_AddEdgeModFace function I'm getting other kind of errors (but no segfaults) like:
ERROR: ptarray_contains_point called on unclosed ring
I'll keep trying but those errors should probably also be somehow handled and transformed in a clear message for the user that the underlying topology is corrupted
Downstream ticket: https://github.com/larsop/resolve-overlap-and-gap/issues/1#issuecomment-650104194