[postgis-tickets] r16867 - Fix undefined behaviour in ptarray_clone_deep

Raul raul at rmr.ninja
Tue Oct 2 04:39:19 PDT 2018


Author: algunenano
Date: 2018-10-02 04:39:19 -0700 (Tue, 02 Oct 2018)
New Revision: 16867

Modified:
   branches/2.2/NEWS
   branches/2.2/liblwgeom/ptarray.c
Log:
Fix undefined behaviour in ptarray_clone_deep

References #4191


Modified: branches/2.2/NEWS
===================================================================
--- branches/2.2/NEWS	2018-10-02 09:48:21 UTC (rev 16866)
+++ branches/2.2/NEWS	2018-10-02 11:39:19 UTC (rev 16867)
@@ -5,6 +5,7 @@
    - #2985, Avoid array overflow in ANALYZE (Paul Ramsey)
    - #4160, Use qualified names in topology extension install (Raúl Marín)
    - #4189, Fix undefined behaviour in SADFWrite (Raúl Marín)
+   - #4191, Fix undefined behaviour in ptarray_clone_deep (Raúl Marín)
 
 PostGIS 2.2.7
 2018/04/06

Modified: branches/2.2/liblwgeom/ptarray.c
===================================================================
--- branches/2.2/liblwgeom/ptarray.c	2018-10-02 09:48:21 UTC (rev 16866)
+++ branches/2.2/liblwgeom/ptarray.c	2018-10-02 11:39:19 UTC (rev 16867)
@@ -634,7 +634,6 @@
 ptarray_clone_deep(const POINTARRAY *in)
 {
 	POINTARRAY *out = lwalloc(sizeof(POINTARRAY));
-	size_t size;
 
 	LWDEBUG(3, "ptarray_clone_deep called.");
 
@@ -644,9 +643,17 @@
 
 	FLAGS_SET_READONLY(out->flags, 0);
 
-	size = in->npoints * ptarray_point_size(in);
-	out->serialized_pointlist = lwalloc(size);
-	memcpy(out->serialized_pointlist, in->serialized_pointlist, size);
+	if (!in->npoints)
+	{
+		// Avoid calling lwalloc of 0 bytes
+		out->serialized_pointlist = NULL;
+	}
+	else
+	{
+		size_t size = in->npoints * ptarray_point_size(in);
+		out->serialized_pointlist = lwalloc(size);
+		memcpy(out->serialized_pointlist, in->serialized_pointlist, size);
+	}
 
 	return out;
 }
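Review bot: The comment on the new empty-array branch names the allocation side (`// Avoid calling lwalloc of 0 bytes`) but not the undefined behaviour the commit title fixes, so the next reader cannot tell why a zero-point array must be special-cased rather than simply allocated with size 0. Presumably the hazard is the removed `memcpy` with a zero byte count and a source pointer that may be NULL for an empty input, which is undefined in C11 regardless of the count; the comment should say so, e.g. `/* Empty input: skip lwalloc(0) and the memcpy, whose source may be NULL (UB even for 0 bytes); an empty clone carries a NULL pointlist. */`. Since the NULL pointlist is now an observable property of the returned array, it is also worth documenting on the function's header comment so callers that index into `serialized_pointlist` without first checking `npoints` are warned; that header lies outside this hunk (the function's return type and any doc comment precede line 38).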


