[geos-devel] [GEOS] #830: Possible memory leak in WKTReader with partial MULTIPOLYGON

GEOS geos-trac at osgeo.org
Wed Apr 12 06:01:48 PDT 2017 

#830: Possible memory leak in WKTReader with partial MULTIPOLYGON
-------------------------+---------------------------
 Reporter:  goatbar      |       Owner:  geos-devel@…
     Type:  defect       |      Status:  new
 Priority:  minor        |   Milestone:
Component:  Default      |     Version:  3.5.0
 Severity:  Unassigned   |  Resolution:
 Keywords:  wkt fuzzing  |
-------------------------+---------------------------

Comment (by goatbar):

 Sadly, no, https://github.com/OSGeo/geos/pull/83 does not fix the issue.


 source:trunk/src/io/WKTReader.cpp at 4052#L422

 `new vector' is leaked  if there is a throw before return.  I am not sure
 what shape the fix should be.  If this were C++11, putting it in a
 unique_ptr would make sure it was deleted as the stack unwound.  A closer
 class with a delete in the destructor would work too.  Or simplest might
 be to try / catch the exception.  I'm not very experienced with
 exceptions, so I haven't tried catch the exception yet.

 {{{#!c++
 MultiPolygon* WKTReader::readMultiPolygonText(StringTokenizer *tokenizer)
 {
         string nextToken=getNextEmptyOrOpener(tokenizer);
         if (nextToken=="EMPTY") {
                 return geometryFactory->createMultiPolygon(NULL);
         }
         vector<Geometry *> *polygons=new vector<Geometry *>();  // <---
 This is leaked.
         Polygon *polygon=readPolygonText(tokenizer);
         polygons->push_back(polygon);
         nextToken=getNextCloserOrComma(tokenizer);
         while(nextToken==",") {
                 Polygon *polygon=readPolygonText(tokenizer);
                 polygons->push_back(polygon);
                 nextToken=getNextCloserOrComma(tokenizer);
         }
         MultiPolygon *ret = geometryFactory->createMultiPolygon(polygons);
         //for (int i=0; i<polygons->size(); i++) delete (*polygons)[i];
         //delete polygons;
         return ret;
 }
 }}}

 I would guess that every other read method with a new will also leak.

--
Ticket URL: <https://trac.osgeo.org/geos/ticket/830#comment:2>
GEOS <http://trac.osgeo.org/geos>
GEOS (Geometry Engine - Open Source) is a C++ port of the Java Topology Suite (JTS).

More information about the geos-devel mailing list