This is an automated email from the git hooks/post-receive script.

johanvdw-guest pushed a commit to branch ubuntu/trusty
in repository postgis.

commit 26361d8080cab42761bc3653d7accf3ebf20c09b
Author: Markus Wanner <mar...@bluegap.ch>
Date:   Mon Mar 30 20:04:19 2015 +0200

    Add patch geojson-fix-3094.patch, prepare for upload to unstable
    
    back-ported from the 2.1.7 release, to fix a crash of the database
    backend process when given invalid GeoJSON data.
    
    patch refreshed for version 2.1.4
    Conflicts:
        debian/changelog
        debian/patches/series
---
 debian/changelog                      |  9 ++++
 debian/patches/geojson-fix-3094.patch | 77 +++++++++++++++++++++++++++++++++++
 debian/patches/series                 |  1 +
 3 files changed, 87 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index b1064c3..ef0c185 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+postgis (2.1.2+dfsg-2ubuntu0.1) trusty; urgency=high
+
+  [ Markus Wanner ]
+  * Add patch geojson-fix-3094.patch, back-ported from the 2.1.7 release,
+    to fix a crash of the database backend process when given invalid
+    GeoJSON data. Based on debian patch by Markus Wanner.
+
+ -- Johan Van de Wauw <johan.vandew...@gmail.com>  Wed, 01 Apr 2015 21:29:10 
+0200
+
 postgis (2.1.2+dfsg-2) unstable; urgency=medium
 
   * Fix arch-only builds by moving the maven-repo-helper dependency from
diff --git a/debian/patches/geojson-fix-3094.patch 
b/debian/patches/geojson-fix-3094.patch
new file mode 100644
index 0000000..e51d004
--- /dev/null
+++ b/debian/patches/geojson-fix-3094.patch
@@ -0,0 +1,77 @@
+Description: Fix for GeoJSON ingestion
+ Malformed JSON data used to crash the database backend process and
+ especially web services use to pass on such JSON data unexamined.
+Forwarded: not-needed
+Bug: http://trac.osgeo.org/postgis/ticket/3094
+Origin: upstream, http://trac.osgeo.org/postgis/changeset/13400
+Author: Paul Ramsey <pram...@cleverelephant.ca>
+
+--- a/liblwgeom/lwin_geojson.c
++++ b/liblwgeom/lwin_geojson.c
+@@ -47,7 +47,11 @@ findMemberByName(json_object* poObj, con
+ 
+       if( NULL != json_object_get_object(poTmp) )
+       {
+-              assert( NULL != json_object_get_object(poTmp)->head );
++              if( NULL == json_object_get_object(poTmp)->head )
++              {
++                      geojson_lwerror("invalid GeoJSON representation", 2);
++                      return NULL;
++              }
+ 
+               for( it.entry = json_object_get_object(poTmp)->head;
+                       ( it.entry ?
+@@ -79,7 +83,12 @@ parse_geojson_coord(json_object *poObj,
+               const int nSize = json_object_array_length( poObj );
+               LWDEBUGF(3, "parse_geojson_coord called for array size %d.", 
nSize );
+ 
+-
++              if ( nSize < 2 )
++              {
++                      geojson_lwerror("Too few ordinates in GeoJSON", 4);
++                      return LW_FAILURE;
++              }
++              
+               // Read X coordinate
+               poObjCoord = json_object_array_get_idx( poObj, 0 );
+               pt.x = json_object_get_double( poObjCoord );
+@@ -90,7 +99,7 @@ parse_geojson_coord(json_object *poObj,
+               pt.y = json_object_get_double( poObjCoord );
+               LWDEBUGF(3, "parse_geojson_coord pt.y = %f.", pt.y );
+ 
+-              if( nSize == 3 ) /* should this be >= 3 ? */
++              if( nSize < 2 ) /* should this be >= 3 ? */
+               {
+                       // Read Z coordinate
+                       poObjCoord = json_object_array_get_idx( poObj, 2 );
+@@ -98,19 +107,27 @@ parse_geojson_coord(json_object *poObj,
+                       LWDEBUGF(3, "parse_geojson_coord pt.z = %f.", pt.z );
+                       *hasz = LW_TRUE;
+               }
+-              else
++              else if ( nSize == 2 )
+               {
+                       *hasz = LW_FALSE;
+                       /* Initialize Z coordinate, if required */
+                       if ( FLAGS_GET_Z(pa->flags) ) pt.z = 0.0;
+               }
+-
+-              /* TODO: should we account for nSize > 3 ? */
++              else 
++              {
++                      /* TODO: should we account for nSize > 3 ? */
++                      /* more than 3 coordinates, we're just dropping 
dimensions here... */
++              }
+ 
+               /* Initialize M coordinate, if required */
+               if ( FLAGS_GET_M(pa->flags) ) pt.m = 0.0;
+ 
+       }
++      else
++      {
++              /* If it's not an array, just don't handle it */
++              return LW_FAILURE;
++      }
+ 
+       return ptarray_append_point(pa, &pt, LW_FALSE);
+ }
diff --git a/debian/patches/series b/debian/patches/series
index 6209d3d..bf7d3fb 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,3 +7,4 @@ honor-build-flags
 fix-armel
 fix-manpage
 de-translation
+geojson-fix-3094.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-grass/postgis.git

_______________________________________________
Pkg-grass-devel mailing list
Pkg-grass-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-grass-devel

Reply via email to