Opened 6 weeks ago

Closed 5 weeks ago

#5794 closed defect (fixed)

Crash with TopoGeo_addPoint

Reported by: strk Owned by: strk
Priority: blocker Milestone: PostGIS 3.5.1
Component: topology Version: 3.4.x
Keywords: crash Cc: Lars Aksel Opsahl

Description

Testcase: 

SELECT NULL FROM topology.CreateTopology ('topo');                                                                                                                                             
SELECT NULL FROM topology.TopoGeo_addLinestring('topo', 'LINESTRING(0 0, 10 0)');                                                                                                              
SELECT NULL FROM topology.TopoGeo_addPoint('topo', 'POINT(9 5)', 5);

PostGIS-3.4 is not affected, crashers are from 3.5 onward. Must be the experimental code doing edge merges.

Change History (5)

comment:1 by strk, 6 weeks ago 

==105313== Use of uninitialised value of size 8
==105313==    at 0x13DC9534: lwgeom_closest_point (measures.c:57)
==105313==    by 0x13DBAFED: _lwt_SplitAllEdgesToNewNode (lwgeom_topo.c:6576)
==105313==    by 0x13DBAFED: _lwt_AddPoint (lwgeom_topo.c:6859)
==105313==    by 0x13D745F1: UnknownInlinedFun (postgis_topology.c:5042)
==105313==    by 0x13D745F1: TopoGeo_AddPoint (postgis_topology.c:4976)
==105313==    by 0x468B2C: ExecMakeTableFunctionResult (in /usr/lib/postgresql/16/bin/postgres)
==105313==    by 0x47A659: ??? (in /usr/lib/postgresql/16/bin/postgres)
==105313==    by 0x469499: ExecScan (in /usr/lib/postgresql/16/bin/postgres)
==105313==    by 0x45ABAC: standard_ExecutorRun (in /usr/lib/postgresql/16/bin/postgres)
==105313==    by 0x63D654: ??? (in /usr/lib/postgresql/16/bin/postgres)
==105313==    by 0x63F015: PortalRun (in /usr/lib/postgresql/16/bin/postgres)
==105313==    by 0x63FEA8: ??? (in /usr/lib/postgresql/16/bin/postgres)
==105313==    by 0x642BC6: PostgresMain (in /usr/lib/postgresql/16/bin/postgres)
==105313==    by 0x642D73: PostgresSingleUserMain (in /usr/lib/postgresql/16/bin/postgres)

comment:2 by strk, 5 weeks ago

The crash is due to none of the edges found to be within tolerance using lwt_be_getEdgeWithinDistance2D being *closer* than tolerance (which the snapping code is using). It can only be reproduced by specifying a tolerance which equals exactly the distance from the closest edge.

comment:3 by Lars Aksel Opsahl, 5 weeks ago

Cc: Lars Aksel Opsahl added

comment:4 by Sandro Santilli <strk@…>, 5 weeks ago

In cfc46e4/git:

Fix crash in TopoGeo_addPoint

References #5794 in master branch (3.6.0dev)
Includes regress test

comment:5 by Sandro Santilli <strk@…>, 5 weeks ago

Resolution: fixed
Status: newclosed

In 0b55ff4/git:

Fix crash in TopoGeo_addPoint

Closes #5794 in 3.5 branch (3.5.1dev)
Includes regress test

Note: See TracTickets for help on using tickets.