Fix undefined behaviour in ptarray_clone_deep

Closes #4191
Closes https://github.com/postgis/postgis/pull/311/

git-svn-id: http://svn.osgeo.org/postgis/trunk@16871 b70326c6-7e19-0410-871a-916f4a2858ee

diff --git a/NEWS b/NEWS
index 3c55f454169ed0d31ebbf1861afb17ffc5e4e7b4..c3cf3b54b03644bfabdd018ee066152dd52a75db 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -22,6 +22,7 @@ PostGIS 3.0.0
   - #4183, St_AsMVTGeom: Drop invalid geometries after simplification (Raúl Marín)
   - #4188, Avoid division by zero in kmeans (Raúl Marín)
   - #4189, Fix undefined behaviour in SADFWrite (Raúl Marín)
+  - #4191, Fix undefined behaviour in ptarray_clone_deep (Raúl Marín)
 
 PostGIS 2.5.0
 2018/09/23

diff --git a/liblwgeom/ptarray.c b/liblwgeom/ptarray.c
index 2a82c5db154624e1188afe6a27a372b1057c3bb1..919060fcb450fd421ba478848e09770f72edb326 100644 (file)
--- a/liblwgeom/ptarray.c
+++ b/liblwgeom/ptarray.c
@@ -622,7 +622,6 @@ POINTARRAY *
 ptarray_clone_deep(const POINTARRAY *in)
 {
        POINTARRAY *out = lwalloc(sizeof(POINTARRAY));
-       size_t size;
 
        LWDEBUG(3, "ptarray_clone_deep called.");
 
@@ -632,9 +631,17 @@ ptarray_clone_deep(const POINTARRAY *in)
 
        FLAGS_SET_READONLY(out->flags, 0);
 
-       size = in->npoints * ptarray_point_size(in);
-       out->serialized_pointlist = lwalloc(size);
-       memcpy(out->serialized_pointlist, in->serialized_pointlist, size);
+       if (!in->npoints)
+       {
+               // Avoid calling lwalloc of 0 bytes
+               out->serialized_pointlist = NULL;
+       }
+       else
+       {
+               size_t size = in->npoints * ptarray_point_size(in);
+               out->serialized_pointlist = lwalloc(size);
+               memcpy(out->serialized_pointlist, in->serialized_pointlist, size);
+       }
 
        return out;
 }