[postgis-tickets] r15489 - OSS-Fuzz detected issues with ptarray

Regina Obe lr at pcorp.us
Thu Jul 20 15:34:53 PDT 2017 

Author: robe
Date: 2017-07-20 15:34:53 -0700 (Thu, 20 Jul 2017)
New Revision: 15489

Modified:
   branches/2.3/NEWS
   branches/2.3/liblwgeom/ptarray.c
Log:
OSS-Fuzz detected issues with ptarray
References #3786 for PostGIS 2.3 (for 2.3.4)

Modified: branches/2.3/NEWS
===================================================================
--- branches/2.3/NEWS	2017-07-17 14:38:18 UTC (rev 15488)
+++ branches/2.3/NEWS	2017-07-20 22:34:53 UTC (rev 15489)
@@ -5,6 +5,7 @@
 
   - #3782, Memory leak in lwline_from_wkb_state (Even Rouault)
   - #3101, Fix buffer overflow in pgsql2shp (Sandro Santilli)
+  - #3786, ptarray null and heap issues on is_closed
 
 
 PostGIS 2.3.3

Modified: branches/2.3/liblwgeom/ptarray.c
===================================================================
--- branches/2.3/liblwgeom/ptarray.c	2017-07-17 14:38:18 UTC (rev 15488)
+++ branches/2.3/liblwgeom/ptarray.c	2017-07-20 22:34:53 UTC (rev 15489)
@@ -679,6 +679,13 @@
 int
 ptarray_is_closed(const POINTARRAY *in)
 {
+	if (!in)
+	{
+		lwerror("ptarray_is_closed: called with null point array");
+		return 0;
+	}
+	if (in->npoints <= 1 ) return in->npoints; /* single-point are closed, empty not closed */
+
 	return 0 == memcmp(getPoint_internal(in, 0), getPoint_internal(in, in->npoints-1), ptarray_point_size(in));
 }
 
@@ -686,13 +693,27 @@
 int
 ptarray_is_closed_2d(const POINTARRAY *in)
 {
-	return 0 == memcmp(getPoint_internal(in, 0), getPoint_internal(in, in->npoints-1), sizeof(POINT2D));
+	if (!in)
+	{
+		lwerror("ptarray_is_closed_2d: called with null point array");
+		return 0;
+	}
+	if (in->npoints <= 1 ) return in->npoints; /* single-point are closed, empty not closed */
+
+	return 0 == memcmp(getPoint_internal(in, 0), getPoint_internal(in, in->npoints-1), sizeof(POINT2D) );
 }
 
 int
 ptarray_is_closed_3d(const POINTARRAY *in)
 {
-	return 0 == memcmp(getPoint_internal(in, 0), getPoint_internal(in, in->npoints-1), sizeof(POINT3D));
+	if (!in)
+	{
+		lwerror("ptarray_is_closed_3d: called with null point array");
+		return 0;
+	}
+	if (in->npoints <= 1 ) return in->npoints; /* single-point are closed, empty not closed */
+
+	return 0 == memcmp(getPoint_internal(in, 0), getPoint_internal(in, in->npoints-1), sizeof(POINT3D) );
 }
 
 int

More information about the postgis-tickets mailing list