From: Raúl Marín Rodríguez Date: Tue, 2 Oct 2018 11:43:08 +0000 (+0000) Subject: Fix undefined behaviour in ptarray_clone_deep X-Git-Tag: 3.0.0alpha1~372 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5de8ef7be872eb3311a83cadf8ff1ca99a1ea758;p=postgis Fix undefined behaviour in ptarray_clone_deep Closes #4191 Closes https://github.com/postgis/postgis/pull/311/ git-svn-id: http://svn.osgeo.org/postgis/trunk@16871 b70326c6-7e19-0410-871a-916f4a2858ee
---
diff --git a/NEWS b/NEWS
index 3c55f4541..c3cf3b54b 100644
--- a/NEWS
+++ b/NEWS
@@ -22,6 +22,7 @@ PostGIS 3.0.0
 - #4183, St_AsMVTGeom: Drop invalid geometries after simplification (Raúl Marín)
 - #4188, Avoid division by zero in kmeans (Raúl Marín)
 - #4189, Fix undefined behaviour in SADFWrite (Raúl Marín)
+ - #4191, Fix undefined behaviour in ptarray_clone_deep (Raúl Marín)
 PostGIS 2.5.0 2018/09/23
diff --git a/liblwgeom/ptarray.c b/liblwgeom/ptarray.c
index 2a82c5db1..919060fcb 100644
--- a/liblwgeom/ptarray.c
+++ b/liblwgeom/ptarray.c
@@ -622,7 +622,6 @@ POINTARRAY *
 ptarray_clone_deep(const POINTARRAY *in)
 {
 POINTARRAY *out = lwalloc(sizeof(POINTARRAY));
- size_t size;
 LWDEBUG(3, "ptarray_clone_deep called.");
@@ -632,9 +631,17 @@ ptarray_clone_deep(const POINTARRAY *in)
 FLAGS_SET_READONLY(out->flags, 0);
- size = in->npoints * ptarray_point_size(in);
- out->serialized_pointlist = lwalloc(size);
- memcpy(out->serialized_pointlist, in->serialized_pointlist, size);
+ if (!in->npoints)
+ {
+ // Avoid calling lwalloc of 0 bytes
+ out->serialized_pointlist = NULL;
+ }
+ else
+ {
+ size_t size = in->npoints * ptarray_point_size(in);
+ out->serialized_pointlist = lwalloc(size);
+ memcpy(out->serialized_pointlist, in->serialized_pointlist, size);
+ }
 return out;
 }
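Review bot: The size computation in the new `else` branch of the second ptarray.c hunk, `size_t size = in->npoints * ptarray_point_size(in);`, still multiplies before the result is widened, so if both operands are 32-bit (their types are not visible here) a very large point count could wrap and `lwalloc`/`memcpy` would then work on a buffer smaller than `out->npoints` implies. Casting one operand first, `size_t size = (size_t)in->npoints * ptarray_point_size(in);`, keeps the arithmetic in `size_t`. The comment `// Avoid calling lwalloc of 0 bytes` could also name the other hazard this branch removes, for example `// Empty array: skip lwalloc(0) and memcpy() from a possibly NULL source`. The function starts in the previous hunk, and the result of `lwalloc` is passed to `memcpy` unchecked, which is only safe if the allocator never returns NULL; that is worth confirming.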