[postgis-tickets] [PostGIS] #4406: Undefined behavior in decode_geohash_bbox with invalid input

PostGIS trac at osgeo.org
Fri May 31 01:27:14 PDT 2019


#4406: Undefined behavior in decode_geohash_bbox with invalid input
-----------------------+---------------------------
 Reporter:  mentin     |      Owner:  strk
     Type:  defect     |     Status:  new
 Priority:  low        |  Milestone:  PostGIS 2.5.3
Component:  liblwgeom  |    Version:  trunk
 Keywords:  geohash    |
-----------------------+---------------------------
 decode_geohash_bbox uses this code to convert the geohash version of base32
 to an integer:


 {{{
 for (i = 0; i < precision; i++)
 {
     c = tolower(geohash[i]);
     cd = strchr(base32, c) - base32;
 }}}


 If the input is not a valid geohash, strchr returns NULL, and
 the result is a constant that depends on how the linker loaded the 'base32'
 field.
 There is no security vulnerability here, since NULL is never dereferenced,
 and only 5 bits of 'cd' are used, but the result is undefined (even though
 it is constant for any specific build).

 E.g. in my PostgreSQL build, I'm getting
 ST_PointFromGeoHash("@@@@@@") equal to ST_PointFromGeoHash("gggggg"),
 meaning my 'base32' was at some offset representable as 32*n + 16.

 Should this query fail in PostGIS?

 Should this return something well defined?

-- 
Ticket URL: <https://trac.osgeo.org/postgis/ticket/4406>
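
A checked version of the character lookup described in the ticket, as an added example (not PostGIS code and not the fix applied for this ticket). The function names and the error-return convention are assumptions made for illustration; the lookup tests the strchr result before any pointer subtraction and also rejects the NUL terminator, which strchr would otherwise match at index 32.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Standard geohash base32 alphabet (no a, i, l, o). */
static const char geohash_base32[] = "0123456789bcdefghjkmnpqrstuvwxyz";

/* Hypothetical helper: 5-bit value of one geohash character, or -1 if invalid. */
static int geohash_char_value(char ch)
{
    int c = tolower((unsigned char)ch); /* negative char into tolower is UB */
    const char *p;

    if (c == '\0')          /* strchr matches the terminator: index 32 */
        return -1;
    p = strchr(geohash_base32, c);
    if (p == NULL)          /* checked before any pointer arithmetic */
        return -1;
    return (int)(p - geohash_base32);
}

/*
 * Hypothetical decoder: fills lat[2] and lon[2] as (min, max).
 * Returns 0 on success, or the 1-based position of the first invalid character.
 */
int geohash_decode_bbox_checked(const char *geohash, double lat[2], double lon[2])
{
    static const int bits[] = {16, 8, 4, 2, 1};
    int is_even = 1;        /* bits alternate: longitude first, then latitude */
    size_t i;
    int j;

    lat[0] = -90.0;  lat[1] = 90.0;
    lon[0] = -180.0; lon[1] = 180.0;

    for (i = 0; geohash[i] != '\0'; i++) {
        int cd = geohash_char_value(geohash[i]);
        if (cd < 0)
            return (int)i + 1;          /* reject instead of decoding garbage */
        for (j = 0; j < 5; j++) {
            double *range = is_even ? lon : lat;
            double mid = (range[0] + range[1]) / 2.0;
            range[(cd & bits[j]) ? 0 : 1] = mid;  /* bit set: keep upper half */
            is_even = !is_even;
        }
    }
    return 0;
}
```

With this convention a caller can turn a non-zero return into a query error that names the offending position, so the result no longer depends on where the alphabet was loaded.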