Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Duplicate
-
12.3.2
-
None
-
Linux x86_64, Docker container
-
Not for Release Notes
Description
~~~sql
SELECT ST_ASTEXT ( ST_BUFFER ( ST_GEOMFROMTEXT ( 'POLYGON((0 0, 0 8, 8 8, 8 10, -10 10, -10 0, 0 0))' ) , 1 ) ) ; SELECT ST_AREA ( ST_BUFFER ( ST_GEOMFROMTEXT ( 'POLYGON((0 0,10 10,0 8,0 0))' ) , 1 ) ) > 0 ; SELECT ST_AREA ( ST_BUFFER ( ST_GEOMFROMTEXT ( 'POLYGON((1 1,10 10,0 8,1 1))' ) , '1e1000000000000000000' ) ) > 0 ;
~~~
-
- Expected result
The server should either execute the query or return a normal SQL error without crashing.
- Expected result
-
- Actual result
The fuzzing run observed a server crash. The deduplicated stack signature is:
~~~
stack:_ZN16Item_func_buffer11Transporter15add_edge_bufferEddbb|_ZN16Item_func_buffer11Transporter9add_pointEdd|_ZNK11Gis_polygon12store_shapesEP23Gcalc_shape_transporter|_ZN16Item_func_buffer7val_strEP6String|_ZN14Item_func_area8val_realEv|_ZN14Arg_comparator12compare_realEv|_ZN12Item_func_gt8val_boolEv|_ZN14Item_bool_func7val_intEv
~~~
- Actual result
Top frames:
~~~
_ZN16Item_func_buffer11Transporter15add_edge_bufferEddbb
_ZN16Item_func_buffer11Transporter9add_pointEdd
_ZNK11Gis_polygon12store_shapesEP23Gcalc_shape_transporter
_ZN16Item_func_buffer7val_strEP6String
_ZN14Item_func_area8val_realEv
_ZN14Arg_comparator12compare_realEv
_ZN12Item_func_gt8val_boolEv
_ZN14Item_bool_func7val_intEv
~~~
Attachments
Issue Links
- duplicates
-
-
- Confirmed
-