[postgis-tickets] [PostGIS] #4621: oss-fuzz: stack overflow in lwcollection_from_wkb_state
PostGIS
trac at osgeo.org
Fri Jan 17 07:52:28 PST 2020
#4621: oss-fuzz: stack overflow in lwcollection_from_wkb_state
----------------------+---------------------------
Reporter: komzpa | Owner: pramsey
Type: defect | Status: new
Priority: medium | Milestone: PostGIS 3.1.0
Component: postgis | Version: master
Resolution: | Keywords:
----------------------+---------------------------
Comment (by Algunenano):
A simpler repro:
{{{
/* OSS-FUZZ: https://trac.osgeo.org/postgis/ticket/4621 */
/* Needs liblwgeom.h (and string.h for memset); a 20 MB buffer of 0x01 bytes fed to the WKB parser */
LWGEOM *g;
uint32_t big_size = 20000000;
uint8_t *wkb5 = lwalloc(big_size);
memset(wkb5, 0x01, big_size);
g = lwgeom_from_wkb(wkb5, big_size, LW_PARSER_CHECK_NONE);
lwgeom_free(g);
lwfree(wkb5);
}}}
I think we should put a limit on the recursive calls that depend on user
input, but I'm not sure what that would be. I'd say that if you have 1024
chained collections you are just trying to break things, so we could discard
it.
--
Ticket URL: <https://trac.osgeo.org/postgis/ticket/4621#comment:2>
PostGIS <http://trac.osgeo.org/postgis/>
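A depth-bounded WKB walk of the kind the comment proposes, added here as an example and not PostGIS's own parser: it recurses only into GEOMETRYCOLLECTION children and rejects input nested deeper than an assumed MAX_NESTING_DEPTH of 1024 (the figure floated above) with an error code instead of running out of stack. It handles only POINT and GEOMETRYCOLLECTION; check_chain_of builds a constructed input of n nested collections to exercise the limit.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define WKB_POINT 1
#define WKB_GEOMETRYCOLLECTION 7
#define MAX_NESTING_DEPTH 1024 /* assumed cap; the figure floated in the comment above */
enum { WKB_OK = 0, WKB_ERR_TRUNCATED = -1, WKB_ERR_TYPE = -2, WKB_ERR_DEPTH = -3, WKB_ERR_NOMEM = -4 };
typedef struct { const uint8_t *buf; size_t len, pos; } wkb_state;

/* Reads a uint32 in the byte order the geometry declared (0 = XDR/big, 1 = NDR/little). */
static int read_u32(wkb_state *s, int big_endian, uint32_t *out) {
    if (s->len - s->pos < 4) return WKB_ERR_TRUNCATED;
    *out = 0;
    for (int i = 0; i < 4; i++)
        *out |= (uint32_t)s->buf[s->pos++] << (big_endian ? 24 - 8 * i : 8 * i);
    return WKB_OK;
}

/* Walks one geometry. Only collections recurse, and the depth bound stops them early. */
static int parse_geom(wkb_state *s, int depth) {
    uint32_t type, ngeoms; int rc, big_endian;
    if (depth > MAX_NESTING_DEPTH) return WKB_ERR_DEPTH; /* fail before the stack does */
    if (s->pos >= s->len) return WKB_ERR_TRUNCATED;
    big_endian = (s->buf[s->pos++] == 0);
    if ((rc = read_u32(s, big_endian, &type)) != WKB_OK) return rc;
    type &= 0xFF; /* drop Z/M/SRID flag bits */
    if (type == WKB_POINT) { /* two doubles, skipped as opaque bytes */
        if (s->len - s->pos < 16) return WKB_ERR_TRUNCATED;
        s->pos += 16;
        return WKB_OK;
    }
    if (type != WKB_GEOMETRYCOLLECTION) return WKB_ERR_TYPE; /* other types out of scope here */
    if ((rc = read_u32(s, big_endian, &ngeoms)) != WKB_OK) return rc;
    for (uint32_t i = 0; i < ngeoms; i++) /* a failing child ends the whole parse */
        if ((rc = parse_geom(s, depth + 1)) != WKB_OK) return rc;
    return WKB_OK;
}
int wkb_check(const uint8_t *buf, size_t len) { wkb_state s = { buf, len, 0 }; return parse_geom(&s, 0); }

/* Constructed input: n collections nested one inside the next, ending in a point. */
int check_chain_of(uint32_t n) {
    static const uint8_t coll[9] = { 1, WKB_GEOMETRYCOLLECTION, 0, 0, 0, 1, 0, 0, 0 }; /* NDR, type, one child */
    size_t len = (size_t)n * 9 + 21;
    uint8_t *buf = calloc(len, 1), *p = buf; /* the zero fill doubles as the point's coordinates */
    if (!buf) return WKB_ERR_NOMEM;
    for (uint32_t i = 0; i < n; i++, p += 9) memcpy(p, coll, 9);
    p[0] = 1; p[1] = WKB_POINT; /* NDR point header; 16 zero coordinate bytes already follow */
    int rc = wkb_check(buf, len);
    free(buf); return rc;
}
```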