Opened 4 months ago

Closed 4 months ago

Last modified 4 months ago

#5646 closed defect (fixed)

Collection with EMPTY component crashes ST_Intersects

Reported by: Wenjing Owned by: pramsey
Priority: medium Milestone: PostGIS 3.4.2
Component: postgis Version: 3.4.x
Keywords: Cc:

Description (last modified by Wenjing)

The following statements crash Postgis: 

DROP TABLE IF EXISTS t0; 
CREATE TABLE t0 (id int, geom geometry);
INSERT INTO t0 (id, geom) VALUES (1,ST_MPointFromText('MULTIPOINT((0 0))',0));
INSERT INTO t0 (id, geom) VALUES (2,ST_MPointFromText('MULTIPOINT((0 1))',0));
INSERT INTO t0 (id, geom) VALUES (3,ST_PolygonFromText('POLYGON EMPTY',0));
INSERT INTO t0 (id, geom) VALUES (4,ST_PolygonFromText('POLYGON((0 0,-1 1,-1 2,0 0))',0));
INSERT INTO t0 (id, geom)      SELECT 5, ST_Collect(ARRAY[t0.geom, t2.geom])      FROM t0 As t0, t0 As t2     WHERE t0.id = 4     and t2.id = 3; 

SELECT COUNT(*) FROM t0 As a1 JOIN t0 As a2 ON ST_Intersects(a1.geom, a2.geom);

-- psql:script/test.sql:10: server closed the connection unexpectedly
--         This probably means the server terminated abnormally
--         before or while processing the request.
-- psql:script/test.sql:10: error: connection to server was lost

The stack information: 

Program received signal SIGSEGV, Segmentation fault.
0x00007fed2ffdede8 in IntervalIsContained (interval=0x54a000000023, value=570) at lwgeom_rtree.c:103
103             return FP_CONTAINS_INCL(interval->min, value, interval->max) ? 1 : 0;
(gdb) bt
#0  0x00007fed2ffdede8 in IntervalIsContained (interval=0x54a000000023, value=570)
    at lwgeom_rtree.c:103
#1  0x00007fed2ffdfbb2 in RTreeFindLineSegments (root=0x54a000000023, value=570)
    at lwgeom_rtree.c:440
#2  0x00007fed2ffdfe23 in point_in_ring_rtree (root=0x54a000000023, 
    point=0x5589262a0118)
    at lwgeom_rtree.c:515
#3  0x00007fed2ffe0235 in point_in_multipolygon_rtree (root=0x558926629d10, 
    polyCount=2, 
    ringCounts=0x5589266298a8, 
    point=0x5589262a0180)
    at lwgeom_rtree.c:605
#4  0x00007fed2ffe041d in pip_short_circuit (poly_cache=0x5589266299f0, 
    point=0x5589262a0180, 
    gpoly=0x5589262a0060)
    at lwgeom_rtree.c:661
#5  0x00007fed2ffba6e6 in ST_Intersects (fcinfo=0x5589266270f0) at lwgeom_geos.c:2382
#6  0x0000558924f4b040 in ExecInterpExpr()
#7  0x0000558924f7b94c in ExecNestLoop ()
#8  0x0000558924f5e241 in fetch_input_tuple ()
#9  0x0000558924f61343 in ExecAgg ()
#10 0x0000558924f4e872 in standard_ExecutorRun ()
#11 0x00005589250ea1df in PortalRunSelect()
#12 0x00005589250eb5c3 in PortalRun ()
#13 0x00005589250e7a9d in exec_simple_query ()
#14 0x00005589250e9de5 in PostgresMain ()
#15 0x0000558925063d8e in ServerLoop ()
#16 0x0000558925064cdc in PostmasterMain()
#17 0x0000558924db5bb1 in main ()

Because I cannot build PostGIS successfully when using the latest version of PostGIS in GitHub, I chose the latest one with a green check mark, which means a completely successful build in CI/CD.

Version is g61bc019eb behind [the fix of the last EMPTY crash](https://trac.osgeo.org/postgis/changeset/e85cd10523ac7cd5e9ebe34c45f3317e9a19fe32/git), instead of the latest one: 

                    | pg_backend_pid 
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------
 POSTGIS="3.5.0dev 3.4.0rc1-839-g61bc019eb" [EXTENSION] PGSQL="170" GEOS="3.13.0dev-CAPI-1.18.0" PROJ="8.2.1 NETWORK_ENABLED=OFF URL_ENDPOINT=https://cdn.proj.org USER_WRITABLE_DIRECTORY=/tmp/proj DATABASE_PATH=/usr/share/proj/proj.db" LIBXML="2.9.13" |          20653
(1 row)

Change History (14)

comment:1 by Wenjing, 4 months ago

Description: modified (diff)

comment:2 by Wenjing, 4 months ago

@Regina Obe, did you already have a chance to look at the report? After this is being fixed, we could continue finding and reporting additional potential bugs.

comment:3 by robe, 4 months ago

@Wenjing,

Okay just confirmed it's still an issue.

comment:4 by pramsey, 4 months ago

Crashes for me too on latest main.

comment:5 by pramsey, 4 months ago

Ah, it's a problem in the point-in-polygon cached index. As it happens I'm re-writing that now, but I guess I have to also find a fix for this problem.

comment:6 by pramsey, 4 months ago

Smaller repro 

select 
st_intersects(a.geom, b.geom), 
       st_astext(a.geom), 
       st_astext(b.geom) 
from t0 as a, 
     t0 as b, 
     generate_series(1,2) where a.id = 5 and b.id = 2;

comment:7 by Paul Ramsey <pramsey@…>, 4 months ago

In 6079583/git:

Crash on collections with empty members, references #5646

comment:8 by Paul Ramsey <pramsey@…>, 4 months ago

In cb6fff2/git:

Crash on collections with empty members, references #5646

comment:9 by Paul Ramsey <pramsey@…>, 4 months ago

In 3489493/git:

Crash on collections with empty members, references #5646

comment:10 by Paul Ramsey <pramsey@…>, 4 months ago

In 4a05e74f/git:

Crash on collections with empty members, references #5646

comment:11 by Paul Ramsey <pramsey@…>, 4 months ago

In 003c0548/git:

Crash on collections with empty members, references #5646

comment:12 by Paul Ramsey <pramsey@…>, 4 months ago

In 0996738/git:

Crash on collections with empty members, references #5646

comment:13 by pramsey, 4 months ago

Resolution: fixed
Status: newclosed

comment:14 by pramsey, 4 months ago

Summary: ST_Collect using EMPTY crashes ST_IntersectsCollection with EMPTY component crashes ST_Intersects
Note: See TracTickets for help on using tickets.