[geos-commits] [SCM] GEOS branch 3.13 updated. 98da0fad0b9abff91349cf71d19196c5d48e258a

git at osgeo.org git at osgeo.org
Wed May 13 15:26:34 PDT 2026


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GEOS".

The branch, 3.13 has been updated
       via  98da0fad0b9abff91349cf71d19196c5d48e258a (commit)
       via  663e9b48b606b5e9d274fdbb41e4be2cbcc1912e (commit)
      from  b61d1f844667f7649bfa696b5319df7e03df9237 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 98da0fad0b9abff91349cf71d19196c5d48e258a
Author: Paul Ramsey <pramsey at cleverelephant.ca>
Date:   Wed May 13 15:26:02 2026 -0700

    News entry for WKB overflow

diff --git a/NEWS.md b/NEWS.md
index 4a365a95a..be94fcc4d 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -10,6 +10,7 @@
   - Quiet FP_DIVBYZERO exception from CGAlgorithmsDD::intersection (GH-1235, Paul Ramsey)
   - Avoid crash on buffer of geometry with only invalid coordinates (GH-1335, Dan Baston)
   - Guard against stack overflow in inputs (GH-1437, Paul Ramsey)
+  - Avoid overflow risk in WKB reader (Paul Ramsey)
 
 ## Changes in 3.13.1
 2025-03-03
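Review bot: the added NEWS line "Avoid overflow risk in WKB reader (Paul Ramsey)" carries no issue or PR reference, while the three entries above it each cite a GH- number; add the reference if one exists so the fix can be traced from the release notes. The wording could also name the spot, for example integer overflow in the WKBReader::minMemSize() size check, so readers of NEWS.md can tell which input path was affected.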

commit 663e9b48b606b5e9d274fdbb41e4be2cbcc1912e
Author: Paul Ramsey <pramsey at cleverelephant.ca>
Date:   Wed May 13 22:00:16 2026 +0000

    WKBReader: use division in minMemSize() to avoid overflow risk

diff --git a/src/io/WKBReader.cpp b/src/io/WKBReader.cpp
index d81a88ddc..442d28506 100644
--- a/src/io/WKBReader.cpp
+++ b/src/io/WKBReader.cpp
@@ -187,7 +187,6 @@ WKBReader::readHEX(std::istream& is)
 void
 WKBReader::minMemSize(geom::GeometryTypeId geomType, uint64_t size) const
 {
-    uint64_t minSize = 0;
     constexpr uint64_t minCoordSize = 2 * sizeof(double);
     constexpr uint64_t minPtSize = (1+4) + minCoordSize;
     constexpr uint64_t minLineSize = (1+4+4); // empty line
@@ -195,35 +194,36 @@ WKBReader::minMemSize(geom::GeometryTypeId geomType, uint64_t size) const
     constexpr uint64_t minPolySize = (1+4+4); // empty polygon
     constexpr uint64_t minGeomSize = minLineSize;
 
+    uint64_t perElement = 0;
     switch(geomType) {
         case GEOS_LINESTRING:
         case GEOS_LINEARRING:
         case GEOS_CIRCULARSTRING:
         case GEOS_COMPOUNDCURVE:
         case GEOS_POINT:
-            minSize = size * minCoordSize;
+            perElement = minCoordSize;
             break;
         case GEOS_POLYGON:
         case GEOS_CURVEPOLYGON:
-            minSize = size * minRingSize;
+            perElement = minRingSize;
             break;
         case GEOS_MULTIPOINT:
-            minSize = size * minPtSize;
+            perElement = minPtSize;
             break;
         case GEOS_MULTILINESTRING:
         case GEOS_MULTICURVE:
-            minSize = size * minLineSize;
+            perElement = minLineSize;
             break;
         case GEOS_MULTIPOLYGON:
         case GEOS_MULTISURFACE:
-            minSize = size * minPolySize;
+            perElement = minPolySize;
             break;
         case GEOS_GEOMETRYCOLLECTION:
-            minSize = size * minGeomSize;
+            perElement = minGeomSize;
             break;
     }
 
-    if (dis.size() < minSize) {
+    if (perElement > 0 && size > dis.size() / perElement) {
         throw ParseException("Input buffer is smaller than requested object size");
     }
 }
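Review bot: the new condition "if (perElement > 0 && size > dis.size() / perElement)" has no comment saying why it divides rather than multiplies, so a later cleanup could restore "size * perElement" and bring the uint64_t wraparound back. A one-line comment above the condition, stating that division is used so a large requested size cannot wrap the product, would protect it. The "perElement > 0" guard also means any geometry type not listed in the switch skips the bounds check silently; a default: case that either throws or states that no check is intended would make that explicit. The summary lists only NEWS.md and src/io/WKBReader.cpp as changed, so a regression test that feeds a WKB whose element count makes the old product wrap, and expects the ParseException, would be worth adding with this fix.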

-----------------------------------------------------------------------

Summary of changes:
 NEWS.md              |  1 +
 src/io/WKBReader.cpp | 16 ++++++++--------
 2 files changed, 9 insertions(+), 8 deletions(-)


hooks/post-receive
-- 
GEOS

