[SCM] PostGIS branch stable-3.5 updated. 3.5.4-19-g3ec6fdb95

[git at osgeo.org]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "PostGIS".

The branch, stable-3.5 has been updated
       via  3ec6fdb951aaec20db3fc35ee274752eeb15d07c (commit)
      from  7f73a34b1a5ee355d011c8bcb6b0d6faf5e561cc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 3ec6fdb951aaec20db3fc35ee274752eeb15d07c
Author: Maksim Korotkov <m.korotkov at postgrespro.ru>
Date:   Mon Feb 2 16:08:43 2026 +0300

    Fix memory allocation size for arrays in flatgeobuf_decode_row
    The original code incorrectly allocated memory for pointers
    instead of the actual types, potentially causing buffer
    overflows or memory corruption since it was allocating
    insufficient memory (size of pointer instead of size of Datum/bool).
    
    Found by PostgesPro.
    Fixes: 3ae2c5844 ("FlatGeobuf format input/output")
    Signed-off-by: Maksim Korotkov <m.korotkov at postgrespro.ru>

diff --git a/postgis/flatgeobuf.c b/postgis/flatgeobuf.c
index 9fa5be2b3..52ef420ef 100644
--- a/postgis/flatgeobuf.c
+++ b/postgis/flatgeobuf.c
@@ -466,8 +466,8 @@ void flatgeobuf_decode_row(struct flatgeobuf_decode_ctx *ctx)
 	HeapTuple heapTuple;
 	uint32_t natts = ctx->tupdesc->natts;
 
-	Datum *values = palloc0(natts * sizeof(Datum *));
-	bool *isnull = palloc0(natts * sizeof(bool *));
+	Datum *values = palloc0(natts * sizeof(Datum));
+	bool *isnull = palloc0(natts * sizeof(bool));
 
 	values[0] = Int32GetDatum(ctx->fid);
 

-----------------------------------------------------------------------

Summary of changes:
 postgis/flatgeobuf.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
PostGIS