Typically when there is a risk that the geometry column could be null (like in most databases) I connect to a filtered view of the data rather than the table itself.
Just for those cases where I can't enforce a non-null geometry (like a trigger with x/y columns).

On Wed, Apr 28, 2021, 8:38 AM Kyel Shippey <kship...@juno.com> wrote:

> Hello all,
>
> We recently experienced a vulnerability in MapGuide when encountering a
> feature selection that contains “empty” geometries in SQLite. We have not
> examined whether it occurs in other file or database formats as well. We
> are operating on MapGuide 3.1.2 in 64-bit Windows with FDO 4.1 with PHP
> scripting.
>
> Empty geometries seem to include WKT values such as:
>
> POINT()
> LINESTRING()
> POLYGON()
>
> When looping over an MgFeatureReader collection that contains a feature
> like this, the logic fails when merely attempting to access the affected
> feature, so there is no opportunity to detect and gracefully bypass it:
>
> while($features->ReadNext()) {
>     // breaks down before anything can happen
>     // if this current item has an “empty” geometry
> }
>
> On our system, the failure is repeatably complete and devastating,
> requiring a full server reset which often does not suffice without
> additional monkeying on the /Repositores/Library/ and /Repositories/Site/
> database files, suggesting that some file database corruption might occur
> with this event.
>
> For our purposes, we had success in sanitizing our SQLite files by first
> processing them through GeoJSON. From there, ogr2ogr can utilize the
> AsText() in its sqlite dialect query and prevent these known culprits from
> propagating into our SQLite files library. But the underlying vulnerability
> still exists, whether on the MapGuide internals side or just for the SQLite
> FDO provider.
>
> This seemed worth bringing to everyone’s attention for consideration on
> the compiled engine code. I can provide a sample SQLite file for
> investigation if you like.
>
> Thank you,
>
> Kyel Shippey
_______________________________________________
mapguide-users mailing list
mapguide-users@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/mapguide-users
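The filtered-view approach from the reply, applied to the empty WKT forms listed in the original message, as an added example that is not code from either poster or from MapGuide. It assumes the geometry is available as WKT text in a column; the table, column and view names (`parcels`, `geom_wkt`, `parcels_safe`) and the sample rows are constructed for illustration.

```python
import sqlite3

# SQL predicate that is true only for usable geometry text. Valid WKT never
# contains "()" or the keyword EMPTY, so either one marks an empty geometry.
# SQLite's LIKE is case-insensitive for ASCII, so "polygon empty" is caught too.
SAFE_GEOM = (
    "{col} IS NOT NULL "
    "AND TRIM({col}) <> '' "
    "AND REPLACE({col}, ' ', '') NOT LIKE '%()%' "
    "AND {col} NOT LIKE '%EMPTY%'"
)

def create_safe_view(db, table, geom_col, view):
    """Create a view exposing only rows whose geometry is non-null and non-empty."""
    # Identifiers are operator-supplied configuration, never end-user input.
    pred = SAFE_GEOM.format(col=f'"{geom_col}"')
    db.execute(f'DROP VIEW IF EXISTS "{view}"')
    db.execute(f'CREATE VIEW "{view}" AS SELECT * FROM "{table}" WHERE {pred}')

def rejected_ids(db, table, geom_col, id_col="id"):
    """Audit query: keys of the rows the view hides, for cleanup at the source."""
    pred = SAFE_GEOM.format(col=f'"{geom_col}"')
    rows = db.execute(
        f'SELECT "{id_col}" FROM "{table}" WHERE NOT ({pred}) ORDER BY "{id_col}"'
    )
    return [r[0] for r in rows]

def build_sample_db():
    """Constructed sample rows; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE parcels (id INTEGER PRIMARY KEY, name TEXT, geom_wkt TEXT)")
    db.executemany("INSERT INTO parcels VALUES (?, ?, ?)", [
        (1, "ok point", "POINT(1 2)"),
        (2, "empty point", "POINT()"),
        (3, "empty line", "LINESTRING ( )"),
        (4, "null geom", None),
        (5, "ok polygon", "POLYGON((0 0,1 0,1 1,0 0))"),
        (6, "empty polygon", "polygon empty"),
    ])
    create_safe_view(db, "parcels", "geom_wkt", "parcels_safe")
    return db

if __name__ == "__main__":
    db = build_sample_db()
    print("hidden:", rejected_ids(db, "parcels", "geom_wkt"))
    print("served:", [r[0] for r in db.execute("SELECT id FROM parcels_safe ORDER BY id")])
```

Pointing the feature source at the view keeps the reader away from the rows that trigger the failure, while the audit query gives the list of records to repair in the underlying table.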