[openstreetmap/openstreetmap-website] Remove SWF gpx trackpoints feature for Potlatch1 (#2228)

mmd notifications at github.com
Sun May 19 16:29:26 UTC 2019 

One issue in the code is the lack of any input parameter sanitation. With the wrong parameter values, it will eat up all available memory, and then crashes with a segfault:

```
/home/osm/openstreetmap-website/vendor/bundle/ruby/2.5.0/gems/quad_tile-1.0.1/lib/quad_tile.rb:9: [BUG] Segmentation fault at 0x0000000200000000
ruby 2.5.1p57 (2018-03-29 revision 63029) [x86_64-linux-gnu]

-- Control frame information -----------------------------------------------
c:0083 p:---- s:0625 e:000624 CFUNC  :iterate_tiles_for_area
c:0082 p:0015 s:0620 e:000619 METHOD /home/osm/openstreetmap-website/vendor/bundle/ruby/2.5.0/gems/quad_tile-1.0.1/lib/quad_tile.rb:9
c:0081 p:0017 s:0612 e:000611 METHOD /home/osm/openstreetmap-website/lib/osm.rb:559
c:0080 p:0348 s:0605 E:001ab0 METHOD /home/osm/openstreetmap-website/app/controllers/api/swf_controller.rb:51


/home/osm/openstreetmap-website/lib/osm.rb:559:in `sql_for_area'
/home/osm/openstreetmap-website/vendor/bundle/ruby/2.5.0/gems/quad_tile-1.0.1/lib/quad_tile.rb:9:in `sql_for_area'
/home/osm/openstreetmap-website/vendor/bundle/ruby/2.5.0/gems/quad_tile-1.0.1/lib/quad_tile.rb:9:in `iterate_tiles_for_area'

[...]

-- Machine register context ------------------------------------------------
 RIP: 0x00007fc3631eeb85 RBP: 0x0000000080000000 RSP: 0x00007fc35cbdf750
 RAX: 0x0000000000000000 RBX: 0x000000000000ca2c RCX: 0x00000000ffffffff
 RDX: 0x000000007aec26d0 RDI: 0x0000000200000000 RSI: 0x000000007aec26d0
  R8: 0x0000000080000001  R9: 0x0000000000000000 R10: 0x0000000000000001
 R11: 0x0000000000000207 R12: 0x000000008000ca2d R13: 0x0000000000007e58
 R14: 0x0000000000000000 R15: 0x00000000ffc8f36a EFL: 0x0000000000010286

-- C level backtrace information -------------------------------------------
/usr/lib/x86_64-linux-gnu/libruby-2.5.so.2.5(0x7fc36fc90965) [0x7fc36fc90965]
/usr/lib/x86_64-linux-gnu/libruby-2.5.so.2.5(0x7fc36fc90b9c) [0x7fc36fc90b9c]
/usr/lib/x86_64-linux-gnu/libruby-2.5.so.2.5(0x7fc36fb5a884) [0x7fc36fb5a884]
/usr/lib/x86_64-linux-gnu/libruby-2.5.so.2.5(0x7fc36fc209a2) [0x7fc36fc209a2]
/lib/x86_64-linux-gnu/libc.so.6(0x7fc36f720f20) [0x7fc36f720f20]
/home/osm/openstreetmap-website/vendor/bundle/ruby/2.5.0/gems/quad_tile-1.0.1/lib/quad_tile/quad_tile.so(tilelist_for_area+0x85) [0x7fc3631eeb85]
/home/osm/openstreetmap-website/vendor/bundle/ruby/2.5.0/gems/quad_tile-1.0.1/lib/quad_tile/quad_tile.so(0xcee) [0x7fc3631eecee]
/usr/lib/x86_64-linux-gnu/libruby-2.5.so.2.5(0x7fc36fc79289) [0x7fc36fc79289]
/usr/lib/x86_64-linux-gnu/libruby-2.5.so.2.5(0x7fc36fc877b3) [0x7fc36fc877b3]
```

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/2228#issuecomment-493771266
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20190519/99c6b506/attachment-0001.html>

More information about the rails-dev mailing list