From 5de8ef7be872eb3311a83cadf8ff1ca99a1ea758 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Ra=C3=BAl=20Mar=C3=ADn=20Rodr=C3=ADguez?=
Date: Tue, 2 Oct 2018 11:43:08 +0000
Subject: [PATCH] Fix undefined behaviour in ptarray_clone_deep

Closes #4191
Closes https://github.com/postgis/postgis/pull/311/

git-svn-id: http://svn.osgeo.org/postgis/trunk@16871 b70326c6-7e19-0410-871a-916f4a2858ee
---
 NEWS                | 1 +
 liblwgeom/ptarray.c | 15 +++++++++++----
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/NEWS b/NEWS
index 3c55f4541..c3cf3b54b 100644
--- a/NEWS
+++ b/NEWS
@@ -22,6 +22,7 @@ PostGIS 3.0.0
   - #4183, St_AsMVTGeom: Drop invalid geometries after simplification (Raúl Marín)
   - #4188, Avoid division by zero in kmeans (Raúl Marín)
   - #4189, Fix undefined behaviour in SADFWrite (Raúl Marín)
+  - #4191, Fix undefined behaviour in ptarray_clone_deep (Raúl Marín)
 
 PostGIS 2.5.0
 2018/09/23
diff --git a/liblwgeom/ptarray.c b/liblwgeom/ptarray.c
index 2a82c5db1..919060fcb 100644
--- a/liblwgeom/ptarray.c
+++ b/liblwgeom/ptarray.c
@@ -622,7 +622,6 @@ POINTARRAY *
 ptarray_clone_deep(const POINTARRAY *in)
 {
 	POINTARRAY *out = lwalloc(sizeof(POINTARRAY));
-	size_t size;
 
 	LWDEBUG(3, "ptarray_clone_deep called.");
 
@@ -632,9 +631,17 @@ ptarray_clone_deep(const POINTARRAY *in)
 
 	FLAGS_SET_READONLY(out->flags, 0);
 
-	size = in->npoints * ptarray_point_size(in);
-	out->serialized_pointlist = lwalloc(size);
-	memcpy(out->serialized_pointlist, in->serialized_pointlist, size);
+	if (!in->npoints)
+	{
+		// Avoid calling lwalloc of 0 bytes
+		out->serialized_pointlist = NULL;
+	}
+	else
+	{
+		size_t size = in->npoints * ptarray_point_size(in);
+		out->serialized_pointlist = lwalloc(size);
+		memcpy(out->serialized_pointlist, in->serialized_pointlist, size);
+	}
 
 	return out;
 }
-- 
2.40.0
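Review bot: The comment on the new zero-points branch in ptarray_clone_deep names only the zero-byte lwalloc, but the undefined behaviour this commit is titled for is more plausibly the `memcpy` whose source is a null `in->serialized_pointlist` when `npoints` is 0 (a null pointer argument to memcpy is UB even for a zero-length copy, and is what a sanitizer reports); the comment should record that, e.g. `/* npoints == 0: skip the copy -- memcpy() with a NULL source and lwalloc(0) are both undefined behaviour */`, using the file's comment form rather than `//` if `/* */` is its convention. The branch also leaves `out->serialized_pointlist` NULL for an empty array, which every consumer of a deep-cloned empty POINTARRAY must now tolerate; a one-line note at that assignment would make the contract explicit. In the else branch `in->npoints * ptarray_point_size(in)` remains unchecked, and if `npoints` is a 32-bit count on a target where `size_t` is also 32 bits the product can wrap and under-allocate before the memcpy, so a guard that rejects `in->npoints > SIZE_MAX / ptarray_point_size(in)` before the allocation, using whatever error path the file already uses, would close that. The body of ptarray_clone_deep begins in the previous hunk and the lines between the two hunks are not shown.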