PostGIS/PostgreSQL process terminates on invalid geometry

[hopfgartner]

On:

SELECT St_Buffer('0101000020E8640000000000000000F8FF000000000000F8FF', 50);

the PostgreSQL/PostGIS process leaves with:

server closed the connection unexpectedly
	This probably means the server terminated abnormally
	before or while processing the request.
The connection to the server was lost. Attempting reset: Failed.

The text representation of this geometry is POINT(nan nan)

This happens with:

• POSTGIS="1.5.1" GEOS="3.2.2-CAPI-1.6.2"
• POSTGIS="1.3.5" GEOS="3.0.1-CAPI-1.4.2"
• POSTGIS="2.0.0SVN" GEOS="3.3.0-CAPI-1.7.0", as of 2010-10-14

[hopfgartner]

I've tried to dig into this issue and added some debug info to postgis-1.5.1/postgis/lwgeom_geos.c, see attached file. When I run the query above, I get the following output:

melzo=# SELECT buffer('0101000020E8640000000000000000F8FF000000000000F8FF', 50.0); NOTICE: [lwgparse.c:parse_it:1669] parse_it: 0101000020E8640000000000000000F8FF000000000000F8FF with parser flags 7 LINE 1: SELECT buffer('0101000020E8640000000000000000F8FF00000000000…

NOTICE: [lwgparse.c:alloc_lwgeom:343] alloc_lwgeom -1 LINE 1: SELECT buffer('0101000020E8640000000000000000F8FF00000000000…

NOTICE: [lwgparse.c:alloc_wkb:1658] alloc_wkb LINE 1: SELECT buffer('0101000020E8640000000000000000F8FF00000000000…

NOTICE: [lwgparse.c:parse_wkb:1539] parse_wkb LINE 1: SELECT buffer('0101000020E8640000000000000000F8FF00000000000…

NOTICE: [lwgparse.c:alloc_stack_tuple:432] alloc_stack_tuple: type = 1, size = 1 LINE 1: SELECT buffer('0101000020E8640000000000000000F8FF00000000000…

NOTICE: [lwgparse.c:alloc_stack_tuple:443] alloc_stack_tuple complete: 0x1c2212a0 LINE 1: SELECT buffer('0101000020E8640000000000000000F8FF00000000000…

NOTICE: [lwgparse.c:check_dims:926] check_dims the_geom.ndims = 2, num = 2 LINE 1: SELECT buffer('0101000020E8640000000000000000F8FF00000000000…

NOTICE: [lwgparse.c:pop:913] pop: type= 1, tuple= 0x1c2212a0 LINE 1: SELECT buffer('0101000020E8640000000000000000F8FF00000000000…

NOTICE: [lwgparse.c:make_serialized_lwgeom:1274] make_serialized_lwgeom LINE 1: SELECT buffer('0101000020E8640000000000000000F8FF00000000000…

NOTICE: [lwgeom.c:serialized_lwgeom_from_ewkt:704] serialized_lwgeom_from_ewkt with 0101000020E8640000000000000000F8FF000000000000F8FF LINE 1: SELECT buffer('0101000020E8640000000000000000F8FF00000000000…

NOTICE: [lwgeom_api.c:lwgeom_getType:853] lwgeom_getType 65 LINE 1: SELECT buffer('0101000020E8640000000000000000F8FF00000000000…

NOTICE: [lwgeom.c:lwgeom_deserialize:26] lwgeom_deserialize got 1 - Point LINE 1: SELECT buffer('0101000020E8640000000000000000F8FF00000000000…

NOTICE: [lwpoint.c:lwpoint_deserialize:255] lwpoint_deserialize called LINE 1: SELECT buffer('0101000020E8640000000000000000F8FF00000000000…

NOTICE: [lwgeom_api.c:lwgeom_getType:853] lwgeom_getType 65 LINE 1: SELECT buffer('0101000020E8640000000000000000F8FF00000000000…

NOTICE: [lwpoint.c:lwpoint_deserialize:286] lwpoint_deserialize: input has SRID LINE 1: SELECT buffer('0101000020E8640000000000000000F8FF00000000000…

NOTICE: [lwgeom_api.c:pointArray_construct:788] pointArray_construct called. LINE 1: SELECT buffer('0101000020E8640000000000000000F8FF00000000000…

NOTICE: [lwgeom_api.c:pointArray_construct:798] pointArray_construct returning 0x1c1ddc38 LINE 1: SELECT buffer('0101000020E8640000000000000000F8FF00000000000…

NOTICE: [lwgeom.c:lwgeom_serialize_size:67] lwgeom_serialize_size(Point) called LINE 1: SELECT buffer('0101000020E8640000000000000000F8FF00000000000…

NOTICE: [lwpoint.c:lwpoint_serialize_size:147] lwpoint_serialize_size called LINE 1: SELECT buffer('0101000020E8640000000000000000F8FF00000000000…

NOTICE: [lwpoint.c:lwpoint_serialize_size:154] lwpoint_serialize_size returning 21 LINE 1: SELECT buffer('0101000020E8640000000000000000F8FF00000000000…

NOTICE: [lwgeom_pg.c:pglwgeom_serialize:159] lwgeom_serialize_size returned 21 LINE 1: SELECT buffer('0101000020E8640000000000000000F8FF00000000000…

NOTICE: [lwgeom.c:lwgeom_serialize_buf:101] lwgeom_serialize_buf called with a Point LINE 1: SELECT buffer('0101000020E8640000000000000000F8FF00000000000…

NOTICE: [lwgeom_api.c:pointArray_ptsize:811] pointArray_ptsize: TYPE_NDIMS(pa→dims)=2 LINE 1: SELECT buffer('0101000020E8640000000000000000F8FF00000000000…

NOTICE: [lwpoint.c:lwpoint_serialize_buf:58] lwpoint_serialize_buf(0x1c21b650, 0x1c21b624) called LINE 1: SELECT buffer('0101000020E8640000000000000000F8FF00000000000…

NOTICE: [lwgeom_api.c:pointArray_ptsize:811] pointArray_ptsize: TYPE_NDIMS(pa→dims)=2 LINE 1: SELECT buffer('0101000020E8640000000000000000F8FF00000000000…

NOTICE: [lwgeom_pg.c:pglwgeom_serialize:165] pglwgeom_serialize: serialized size: 21, computed size: 21 LINE 1: SELECT buffer('0101000020E8640000000000000000F8FF00000000000…

NOTICE: [lwgeom_api.c:lwgeom_getType:853] lwgeom_getType 65 NOTICE: [lwgeom.c:lwgeom_deserialize:26] lwgeom_deserialize got 1 - Point NOTICE: [lwpoint.c:lwpoint_deserialize:255] lwpoint_deserialize called NOTICE: [lwgeom_api.c:lwgeom_getType:853] lwgeom_getType 65 NOTICE: [lwpoint.c:lwpoint_deserialize:286] lwpoint_deserialize: input has SRID NOTICE: [lwgeom_api.c:pointArray_construct:788] pointArray_construct called. NOTICE: [lwgeom_api.c:pointArray_construct:798] pointArray_construct returning 0x1c225348 NOTICE: [lwgeom_geos.c:LWGEOM2GEOS:2936] LWGEOM2GEOS got a Unknown NOTICE: [lwsegmentize.c:has_arc:55] has_arc called. NOTICE: [lwgeom_api.c:lwgeom_getType:853] lwgeom_getType 65 NOTICE: [lwgeom_api.c:getPoint3dz_p:582] getPoint3dz_p called on array of 2-dimensions / 1 pts NOTICE: [lwgeom_api.c:pointArray_ptsize:811] pointArray_ptsize: TYPE_NDIMS(pa→dims)=2 NOTICE: [lwgeom_geos.c:ptarray_to_GEOSCoordSeq:2912] Point: nan,nan,0 NOTICE: [lwgeom_geos.c:LWGEOM2GEOS:3026] LWGEOM2GEOS: GEOSGeom: POINT (nan nan) NOTICE: [lwgeom_geos.c:buffer:988] before GEOSBufferWithStyle(POINT (nan nan), 50.000000, 8, 1, 1, 5.000000) server closed the connection unexpectedly

This probably means the server terminated abnormally before or while processing the request.

The connection to the server was lost. Attempting reset: Failed. !>

The problem seems to be in GEOS or how GEOSBufferWithStyle is invoked from within PostGIS.

Peter

[hopfgartner]

The backtrace looks like:

Program received signal SIGABRT, Aborted. 0x00000032ba230265 in raise () from /lib64/libc.so.6 (gdb) bt #0 0x00000032ba230265 in raise () from /lib64/libc.so.6 #1 0x00000032ba231d10 in abort () from /lib64/libc.so.6 #2 0x00000032ba2296e6 in assert_fail () from /lib64/libc.so.6 #3 0x00000032c56c8dde in geos::geomgraph::Node::add (this≤value optimized out>, e≤value optimized out>) at Node.cpp:140 #4 0x00000032c56cb6d0 in geos::geomgraph::PlanarGraph::add (this≤value optimized out>, e≤value optimized out>)

at PlanarGraph.cpp:158

#5 0x00000032c56cb7f4 in geos::geomgraph::PlanarGraph::addEdges (this≤value optimized out>, edgesToAdd≤value optimized out>)

at PlanarGraph.cpp:238

#6 0x00000032c57076c6 in geos::operation::buffer::BufferBuilder::buffer (this≤value optimized out>, g≤value optimized out>,

distance≤value optimized out>) at BufferBuilder.cpp:394

#7 0x00000032c5709ffb in geos::operation::buffer::BufferOp::bufferOriginalPrecision (this≤value optimized out>)

at BufferOp.cpp:162

#8 0x00000032c570a0b6 in geos::operation::buffer::BufferOp::computeGeometry (this≤value optimized out>) at BufferOp.cpp:111 #9 0x00000032c570a16c in geos::operation::buffer::BufferOp::getResultGeometry (this≤value optimized out>,

nDistance≤value optimized out>) at BufferOp.cpp:98

#10 0x00000032c62109e0 in GEOSBufferWithStyle_r (extHandle≤value optimized out>, g1≤value optimized out>,

width≤value optimized out>, quadsegs≤value optimized out>, endCapStyle≤value optimized out>, joinStyle≤value optimized out>, mitreLimit≤value optimized out>) at geos_ts_c.cpp:1455

#11 0x00002aac17099238 in buffer (fcinfo=0x7fffb7b9af50) at lwgeom_geos.c:989 #12 0x000000000053b392 in ExecMakeFunctionResult (fcache=0x11a803a0, econtext=0x11a80c80, isNull=0x7fffb7b9b35f "", isDone=0x0)

at execQual.c:1789

#13 0x000000000053d33a in ExecEvalExprSwitchContext (expression=0x5a51, econtext=0x5a51, isNull=0x6 <Address 0x6 out of bounds>,

isDone=0xffffffffffffffff) at execQual.c:4206

#14 0x000000000059de74 in evaluate_expr (expr≤value optimized out>, result_type=16400, result_typmod=-1) at clauses.c:3856 #15 0x000000000059f10e in evaluate_function (funcid=16868, result_type=16400, result_typmod=-1, args=0x7fffb7b9b780,

allow_inline=1 '\001', context=0x7fffb7b9b910) at clauses.c:3467

#16 simplify_function (funcid=16868, result_type=16400, result_typmod=-1, args=0x7fffb7b9b780, allow_inline=1 '\001',

context=0x7fffb7b9b910) at clauses.c:3271

#17 0x000000000059f9de in eval_const_expressions_mutator (node=0x11a78700, context=0x7fffb7b9b910) at clauses.c:2152 #18 0x00000000005624b2 in expression_tree_mutator (node=0x11a78870, mutator=0x59f680 <eval_const_expressions_mutator>,

context=0x7fffb7b9b910) at nodeFuncs.c:2014

#19 0x000000000059f7bd in eval_const_expressions_mutator (node=0x11a78750, context=0x7fffb7b9b910) at clauses.c:2969 #20 0x0000000000562ce6 in expression_tree_mutator (node=0x0, mutator=0x59f680 <eval_const_expressions_mutator>,

context=0x7fffb7b9b910) at nodeFuncs.c:1944

#21 0x000000000059f7bd in eval_const_expressions_mutator (node=0x11a78680, context=0x7fffb7b9b910) at clauses.c:2969 #22 0x00000000005a07ff in eval_const_expressions (root≤value optimized out>, node=0xffffffffffffffff) at clauses.c:2045 #23 0x0000000000592521 in preprocess_expression (root=0x11a3b938, expr=0x5a51, kind=1) at planner.c:541 #24 0x0000000000594c54 in subquery_planner (glob=0x11a3a400, parse=0x11a3a9b0, parent_root=0x0, hasRecursion=0 '\000',

tuple_fraction=0, subroot=0x7fffb7b9bb08) at planner.c:376

#25 0x00000000005951e3 in standard_planner (parse=0x11a3a9b0, cursorOptions=0, boundParams=0x0) at planner.c:190 #26 0x00000000005d9f61 in pg_plan_query (querytree=0x11a3a9b0, cursorOptions=0, boundParams=0x0) at postgres.c:697 #27 0x00000000005da01e in pg_plan_queries (querytrees≤value optimized out>, cursorOptions=0, boundParams=0x0) at postgres.c:756 #28 0x00000000005da804 in exec_simple_query (

query_string=0x11a39be0 "SELECT buffer('0101000020E864", '0' <repeats 16 times>, "F8FF", '0' <repeats 12 times>, "F8FF', 50.0);") at postgres.c:920

#29 0x00000000005db55b in PostgresMain (argc=4, argv≤value optimized out>, username=0x1199bc00 "postgres") at postgres.c:3614 #30 0x00000000005b1d8d in ServerLoop () at postmaster.c:3462 #31 0x00000000005b2b3c in PostmasterMain (argc=5, argv=0x11997a50) at postmaster.c:1040 #32 0x00000000005603be in main (argc=5, argv≤value optimized out>) at main.c:188

[pramsey]

Well, rather than retrofit anything deeper in the geometry handling, I am tempted to intercept and kill these at the edge. What is the spatial meaning of POINT(nan nan) or even LINESTRING(nan 0, 1 1) ? I would tend to say we should either drop errors on them or convert them into an EMPTY or NULL on the way in. How did you generate this thing to start with?

[mcayland]

Hmmmm what behaviour do the usual suspects exhibit? I'd be tempted to reject at parse time.

[hopfgartner]

Replying to pramsey:

Well, rather than retrofit anything deeper in the geometry handling, I am tempted to intercept and kill these at the edge. What is the spatial meaning of POINT(nan nan) or even LINESTRING(nan 0, 1 1) ? I would tend to say we should either drop errors on them or convert them into an EMPTY or NULL on the way in. How did you generate this thing to start with?

I can not reconstruct how these geometries were generated. I found them in an internally used database. They might result from some incorrect calculation.

[pramsey]

Guarded in trunk at r8328

[pramsey]

Guarded in 1.5 at r8329.

[pramsey]

Guarded in 1.4 at r8330