Opened 7 years ago

Closed 7 years ago

#3895 closed defect (fixed)

oss fuzz WKB input bugs

Reported by: pramsey Owned by: pramsey
Priority: critical Milestone: PostGIS 2.2.6
Component: postgis Version: master
Keywords: Cc:

Description

There is a collection of oss-fuzz issues that are associated with WKB input and overly large point array sizes.

A large enough point count will confuse the wkb validity checker and allow an out-of-bounds read in the WKB reader.

Change History (4)

comment:4 by pramsey, 7 years ago

Resolution: fixed
Status: newclosed

In 15961:

Throw error on malformed WKB input
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2589
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2590
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2591
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2592
(Closes #3895)

Note: See TracTickets for help on using tickets.