[geos-commits] [SCM] GEOS branch 3.14 updated. a7a985eca203a98c19b36641ac29bdbac1c9db31
git at osgeo.org
git at osgeo.org
Wed May 13 15:25:01 PDT 2026
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GEOS".
The branch, 3.14 has been updated
via a7a985eca203a98c19b36641ac29bdbac1c9db31 (commit)
via b008825ac9de9001919a189e1a2d9a6ec6dfa768 (commit)
from 47d87bfb2bcf6c427dfe2aa7425ee3f9fc2841c4 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit a7a985eca203a98c19b36641ac29bdbac1c9db31
Author: Paul Ramsey <pramsey at cleverelephant.ca>
Date: Wed May 13 15:24:21 2026 -0700
News item for WKB overflow risk
diff --git a/NEWS.md b/NEWS.md
index 7e7ea284e..a60c7ad58 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -9,6 +9,7 @@
- GEOSClusterDBSCAN fix unassigned clusters with minPoints <= 1 (GH-1386, Dan Baston)
- Fix crash in GEOSConvexHull (GH-1358, Dan Baston)
- Guard against stack overflow in inputs (GH-1437, Paul Ramsey)
+ - Avoid overflow risk in WKB reader (Paul Ramsey)
## Changes in 3.14.1
2025-10-27
commit b008825ac9de9001919a189e1a2d9a6ec6dfa768
Author: Paul Ramsey <pramsey at cleverelephant.ca>
Date: Wed May 13 22:00:16 2026 +0000
WKBReader: use division in minMemSize() to avoid overflow risk
diff --git a/src/io/WKBReader.cpp b/src/io/WKBReader.cpp
index d81a88ddc..442d28506 100644
--- a/src/io/WKBReader.cpp
+++ b/src/io/WKBReader.cpp
@@ -187,7 +187,6 @@ WKBReader::readHEX(std::istream& is)
void
WKBReader::minMemSize(geom::GeometryTypeId geomType, uint64_t size) const
{
- uint64_t minSize = 0;
constexpr uint64_t minCoordSize = 2 * sizeof(double);
constexpr uint64_t minPtSize = (1+4) + minCoordSize;
constexpr uint64_t minLineSize = (1+4+4); // empty line
@@ -195,35 +194,36 @@ WKBReader::minMemSize(geom::GeometryTypeId geomType, uint64_t size) const
constexpr uint64_t minPolySize = (1+4+4); // empty polygon
constexpr uint64_t minGeomSize = minLineSize;
+ uint64_t perElement = 0;
switch(geomType) {
case GEOS_LINESTRING:
case GEOS_LINEARRING:
case GEOS_CIRCULARSTRING:
case GEOS_COMPOUNDCURVE:
case GEOS_POINT:
- minSize = size * minCoordSize;
+ perElement = minCoordSize;
break;
case GEOS_POLYGON:
case GEOS_CURVEPOLYGON:
- minSize = size * minRingSize;
+ perElement = minRingSize;
break;
case GEOS_MULTIPOINT:
- minSize = size * minPtSize;
+ perElement = minPtSize;
break;
case GEOS_MULTILINESTRING:
case GEOS_MULTICURVE:
- minSize = size * minLineSize;
+ perElement = minLineSize;
break;
case GEOS_MULTIPOLYGON:
case GEOS_MULTISURFACE:
- minSize = size * minPolySize;
+ perElement = minPolySize;
break;
case GEOS_GEOMETRYCOLLECTION:
- minSize = size * minGeomSize;
+ perElement = minGeomSize;
break;
}
- if (dis.size() < minSize) {
+ if (perElement > 0 && size > dis.size() / perElement) {
throw ParseException("Input buffer is smaller than requested object size");
}
}
-----------------------------------------------------------------------
Summary of changes:
NEWS.md | 1 +
src/io/WKBReader.cpp | 16 ++++++++--------
2 files changed, 9 insertions(+), 8 deletions(-)
hooks/post-receive
--
GEOS
More information about the geos-commits
mailing list