[postgis-tickets] r17414 - Multiple fixes for undefined behaviour in implicit conversions

Wed Apr 24 04:07:56 PDT 2019

Author: algunenano
Date: 2019-04-24 04:07:56 -0700 (Wed, 24 Apr 2019)
New Revision: 17414

Modified:
   trunk/liblwgeom/ptarray.c
   trunk/loader/shp2pgsql-core.c
   trunk/postgis/lwgeom_functions_basic.c
Log:
Multiple fixes for undefined behaviour in implicit conversions

shp2pgsql-core.c:839:22: runtime error: implicit conversion from type 'int' of value -1 (32-bit, signed) to type 'DBFFieldType' changed the value to 4294967295 (32-bit, unsigned)

 runtime error: implicit conversion from type 'int32' (aka 'int') of value -1 (32-bit, signed) to type 'uint32' (aka 'unsigned int') changed the value to 4294967295 (32-bit, unsigned)
 UndefinedBehaviorSanitizer: undefined-behavior lwgeom_functions_basic.c:2237:10 in

 runtime error: implicit conversion from type 'unsigned int' of value 4294967295 (32-bit, unsigned) to type 'int' changed the value to -1 (32-bit, signed)
 UndefinedBehaviorSanitizer: undefined-behavior ptarray.c:333:13 in

 runtime error: implicit conversion from type 'unsigned int' of value 4294967295 (32-bit, unsigned) to type 'int' changed the value to -1 (32-bit, signed)
 UndefinedBehaviorSanitizer: undefined-behavior ptarray.c:333:13 in


References #4383



Modified: trunk/liblwgeom/ptarray.c
===================================================================

--- trunk/liblwgeom/ptarray.c	2019-04-24 11:03:39 UTC (rev 17413)
+++ trunk/liblwgeom/ptarray.c	2019-04-24 11:07:56 UTC (rev 17414)
@@ -329,9 +329,11 @@
 void
 ptarray_reverse_in_place(POINTARRAY *pa)
 {
-	int i;
-	int last = pa->npoints-1;
-	int mid = pa->npoints/2;
+	if (!pa->npoints)
+		return;
+	uint32_t i;
+	uint32_t last = pa->npoints - 1;
+	uint32_t mid = pa->npoints / 2;
 
 	double *d = (double*)(pa->serialized_pointlist);
 	int j;

Modified: trunk/loader/shp2pgsql-core.c
===================================================================
--- trunk/loader/shp2pgsql-core.c	2019-04-24 11:03:39 UTC (rev 17413)
+++ trunk/loader/shp2pgsql-core.c	2019-04-24 11:07:56 UTC (rev 17414)
@@ -836,7 +836,7 @@
 	int field_precision, field_width;
 	char name[MAXFIELDNAMELEN];
 	char name2[MAXFIELDNAMELEN];
-	DBFFieldType type = -1;
+	DBFFieldType type = FTInvalid;
 	char *utf8str;
 
 	/* If we are reading the entire shapefile, open it */

Modified: trunk/postgis/lwgeom_functions_basic.c
===================================================================
--- trunk/postgis/lwgeom_functions_basic.c	2019-04-24 11:03:39 UTC (rev 17413)
+++ trunk/postgis/lwgeom_functions_basic.c	2019-04-24 11:07:56 UTC (rev 17414)
@@ -2229,7 +2229,7 @@
 {
 	GSERIALIZED *pglwg1, *result;
 	LWLINE *line, *outline;
-	uint32 which;
+	int32 which;
 
 	POSTGIS_DEBUG(2, "LWGEOM_removepoint called.");
 
@@ -2244,9 +2244,9 @@
 
 	line = lwgeom_as_lwline(lwgeom_from_gserialized(pglwg1));
 
-	if (which > line->points->npoints - 1)
+	if (which < 0 || (uint32_t)which > line->points->npoints - 1)
 	{
-		elog(ERROR, "Point index out of range (%d..%d)", 0, line->points->npoints - 1);
+		elog(ERROR, "Point index out of range (%u..%u)", 0, line->points->npoints - 1);
 		PG_RETURN_NULL();
 	}
 
@@ -2256,7 +2256,7 @@
 		PG_RETURN_NULL();
 	}
 
-	outline = lwline_removepoint(line, which);
+	outline = lwline_removepoint(line, (uint32_t)which);
 	/* Release memory */
 	lwline_free(line);
 
@@ -2275,7 +2275,7 @@
 	LWLINE *line;
 	LWPOINT *lwpoint;
 	POINT4D newpoint;
-	int32 which;
+	int64_t which;
 
 	POSTGIS_DEBUG(2, "LWGEOM_setpoint_linestring called.");
 
@@ -2307,11 +2307,11 @@
 	if (which < 0)
 	{
 		/* Use backward indexing for negative values */
-		which = which + line->points->npoints;
+		which += (int64_t)line->points->npoints;
 	}
-	if ((uint32_t)which + 1 > line->points->npoints)
+	if ((uint32_t)which > line->points->npoints - 1)
 	{
-		elog(ERROR, "abs(Point index) out of range (-)(%d..%d)", 0, line->points->npoints - 1);
+		elog(ERROR, "abs(Point index) out of range (-)(%u..%u)", 0, line->points->npoints - 1);
 		PG_RETURN_NULL();
 	}
 

