From 05b0fe5ab319ac41dacc7cbd41dbb67d96e6eac7 Mon Sep 17 00:00:00 2001
From: Sandro Santilli
Date: Wed, 30 Nov 2005 18:23:08 +0000
Subject: [PATCH] Fixed segfault on addPoint() with invalid offset
git-svn-id: http://svn.osgeo.org/postgis/branches/pgis_1_0@2106 b70326c6-7e19-0410-871a-916f4a2858ee
---
 CHANGES | 1 +
 lwgeom/lwgeom_functions_basic.c | 8 ++++++++
 lwgeom/ptarray.c | 7 +++++++
 3 files changed, 16 insertions(+)
diff --git a/CHANGES b/CHANGES
index caa865541..24b2f2884 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,7 @@ PostGIS 1.0.6CVS
 - Fixed bbox cache handling bugs
 - Fixed geom_accum(NULL, NULL) segfault
 - Initial support for postgresql 8.2
+ - Fixed segfault in addPoint()
 PostGIS 1.0.5 2005/11/25
diff --git a/lwgeom/lwgeom_functions_basic.c b/lwgeom/lwgeom_functions_basic.c
index 917477c15..1fb741970 100644
--- a/lwgeom/lwgeom_functions_basic.c
+++ b/lwgeom/lwgeom_functions_basic.c
@@ -2766,6 +2766,14 @@ Datum LWGEOM_addpoint(PG_FUNCTION_ARGS)
 }
 line = lwline_deserialize(SERIALIZED_FORM(pglwg1));
+
+ if ( where == -1 ) where = line->points->npoints;
+ else if ( (unsigned int)where > line->points->npoints )
+ {
+ elog(ERROR, "Invalid offset");
+ PG_RETURN_NULL();
+ }
+
 point = lwpoint_deserialize(SERIALIZED_FORM(pglwg2));
 outline = lwline_addpoint(line, point, where);
diff --git a/lwgeom/ptarray.c b/lwgeom/ptarray.c
index c3b3e19f9..93b1fa128 100644
--- a/lwgeom/ptarray.c
+++ b/lwgeom/ptarray.c
@@ -291,6 +291,13 @@ ptarray_addPoint(POINTARRAY *pa, uchar *p, size_t pdims, unsigned int where)
 return NULL;
 }
+ if ( where > pa->npoints )
+ {
+ lwerror("ptarray_addPoint: offset out of range (%d)",
+ where);
+ return NULL;
+ }
+
 #if PGIS_DEBUG
 lwnotice("ptarray_addPoint: called with a %dD point");
 #endif
-- 
2.40.0
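Review bot: In the LWGEOM_addpoint hunk of lwgeom/lwgeom_functions_basic.c, negative offsets other than -1 are rejected only as a side effect of the `(unsigned int)where` cast in the `else if`, so the bound on this caller-supplied value is easy to lose in a later edit. Spelling it out keeps the intent visible: `else if ( where < 0 || (unsigned int)where > line->points->npoints )`. The `PG_RETURN_NULL();` after `elog(ERROR, ...)` is presumably unreachable, since elog at ERROR level does not return in PostgreSQL, and the message would be more useful if it included the offending value. The function starts and ends outside the hunk, so how `where` is read from the arguments is not visible here.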
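Review bot: In the ptarray_addPoint hunk of lwgeom/ptarray.c, the new `lwerror` call formats `where`, declared `unsigned int` in the signature, with `%d`; assuming lwerror follows printf conventions, an out-of-range value above INT_MAX (for instance a negative offset converted by a caller) would be logged as a negative number. Use `%u`: `lwerror("ptarray_addPoint: offset out of range (%u)", where);`. The context line `lwnotice("ptarray_addPoint: called with a %dD point");` just below has a conversion with no matching argument, which is undefined behaviour in PGIS_DEBUG builds if lwnotice is printf-style; it presumably wants `pdims` passed (cast to `int`). Callers also need to handle the new NULL return, which cannot be checked from this hunk since the function continues outside it.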