[postgis] 01/01: Add patch geojson-fix-3094.patch, prepare for upload to unstable
Markus Wanner
markus_wanner-guest at moszumanska.debian.org
Mon Mar 30 18:29:54 UTC 2015
This is an automated email from the git hooks/post-receive script.
markus_wanner-guest pushed a commit to branch jessie
in repository postgis.
commit f9ce1bfea95abb57d2f95ee157f5a4cd3b220f7c
Author: Markus Wanner <markus at bluegap.ch>
Date: Mon Mar 30 20:04:19 2015 +0200
Add patch geojson-fix-3094.patch, prepare for upload to unstable
back-ported from the 2.1.7 release, to fix a crash of the database
backend process when given invalid GeoJSON data.
---
debian/changelog | 8 ++++
debian/patches/geojson-fix-3094.patch | 77 +++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 86 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 513c6d5..eb4d328 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+postgis (2.1.4+dfsg-3) unstable; urgency=high
+
+ * Add patch geojson-fix-3094.patch, back-ported from the 2.1.7 release,
+ to fix a crash of the database backend process when given invalid
+ GeoJSON data.
+
+ -- Markus Wanner <markus at bluegap.ch> Mon, 30 Mar 2015 19:40:22 +0200
+
postgis (2.1.4+dfsg-2) unstable; urgency=medium
* Add Dutch translation by Frans Spiesschaert. Closes: #765409.
diff --git a/debian/patches/geojson-fix-3094.patch b/debian/patches/geojson-fix-3094.patch
new file mode 100644
index 0000000..3cec7d0
--- /dev/null
+++ b/debian/patches/geojson-fix-3094.patch
@@ -0,0 +1,77 @@
+Description: Fix for GeoJSON ingestion
+ Malformed JSON data used to crash the database backend process and
+ especially web services use to pass on such JSON data unexamined.
+Forwarded: not-needed
+Bug: http://trac.osgeo.org/postgis/ticket/3094
+Origin: upstream, http://trac.osgeo.org/postgis/changeset/13400
+Author: Paul Ramsey <pramsey at cleverelephant.ca>
+
+--- a/liblwgeom/lwin_geojson.c
++++ b/liblwgeom/lwin_geojson.c
+@@ -59,7 +59,11 @@
+
+ if( NULL != json_object_get_object(poTmp) )
+ {
+- assert( NULL != json_object_get_object(poTmp)->head );
++ if( NULL == json_object_get_object(poTmp)->head )
++ {
++ geojson_lwerror("invalid GeoJSON representation", 2);
++ return NULL;
++ }
+
+ for( it.entry = json_object_get_object(poTmp)->head;
+ ( it.entry ?
+@@ -90,7 +94,12 @@
+ const int nSize = json_object_array_length( poObj );
+ LWDEBUGF(3, "parse_geojson_coord called for array size %d.", nSize );
+
+-
++ if ( nSize < 2 )
++ {
++ geojson_lwerror("Too few ordinates in GeoJSON", 4);
++ return LW_FAILURE;
++ }
++
+ // Read X coordinate
+ poObjCoord = json_object_array_get_idx( poObj, 0 );
+ pt.x = json_object_get_double( poObjCoord );
+@@ -101,7 +110,7 @@
+ pt.y = json_object_get_double( poObjCoord );
+ LWDEBUGF(3, "parse_geojson_coord pt.y = %f.", pt.y );
+
+- if( nSize == 3 ) /* should this be >= 3 ? */
++ if( nSize < 2 ) /* should this be >= 3 ? */
+ {
+ // Read Z coordinate
+ poObjCoord = json_object_array_get_idx( poObj, 2 );
+@@ -109,19 +118,27 @@
+ LWDEBUGF(3, "parse_geojson_coord pt.z = %f.", pt.z );
+ *hasz = LW_TRUE;
+ }
+- else
++ else if ( nSize == 2 )
+ {
+ *hasz = LW_FALSE;
+ /* Initialize Z coordinate, if required */
+ if ( FLAGS_GET_Z(pa->flags) ) pt.z = 0.0;
+ }
+-
+- /* TODO: should we account for nSize > 3 ? */
++ else
++ {
++ /* TODO: should we account for nSize > 3 ? */
++ /* more than 3 coordinates, we're just dropping dimensions here... */
++ }
+
+ /* Initialize M coordinate, if required */
+ if ( FLAGS_GET_M(pa->flags) ) pt.m = 0.0;
+
+ }
++ else
++ {
++ /* If it's not an array, just don't handle it */
++ return LW_FAILURE;
++ }
+
+ return ptarray_append_point(pa, &pt, LW_FALSE);
+ }
diff --git a/debian/patches/series b/debian/patches/series
index 0e5664a..417399c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -9,3 +9,4 @@ enable-ppc64el.patch
correct-java-version.patch
strip-invalid-whitespace-in-pom.patch
fix-hurd-i386-ftbfs.patch
+geojson-fix-3094.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-grass/postgis.git
More information about the Pkg-grass-devel
mailing list