#675 closed defect (fixed)
Throw exceptions with invalid hex WKB of unexpected size
Reported by: | Mike Taves | Owned by: | strk |
---|---|---|---|
Priority: | minor | Milestone: | 3.6.1 |
Component: | Core | Version: | 3.4.2 |
Severity: | Unassigned | Keywords: | |
Cc: |
Description
PostGIS' parser does this nicely, where if a WKB hex string does not match the expected size, it will raise an ERROR. GEOS' WKBReader.cpp only throws ParseException for invalid HEX char, but not for expected size. A similar request is also valid for the istream reader (too many or too few bytes).
For example, with POINT(2 1):
valid: 01010000000000000000000040000000000000F03F
truncated: 01010000000000000000000040000000000000F03
- GEOS: POINT (2 5.659799424266695e-73)
- PostGIS: ERROR: Invalid hex string, length (41) has to be a multiple of two!
extended: 01010000000000000000000040000000000000F03FF
- GEOS: POINT (2 1)
- PostGIS: ERROR: Invalid hex string, length (43) has to be a multiple of two!
The truncated example is the most realistic situation, as it may have arrived to GEOS via a character array that was too small.
Change History (4)
comment:1 by , 10 years ago
comment:2 by , 10 years ago
The WKBReader::readHEX is indeed not that strict. Actually chances are it would even support newlines in the hex...
comment:3 by , 10 years ago
Milestone: | 3.5.0 → 3.4.3 |
---|---|
Resolution: | → fixed |
Status: | new → closed |
I should add that a very easy check to implement is to ensure that there is an even length of hex chars. As shown above with "multiple of two" errors, only even string lengths are valid hex strings. Odd-length strings are invalid. This check can be done before any further analysis of the WKB structure. Here are some more comparisons.
truncated valid hex, invalid WKB: 01010000000000000000000040000000000000F0
extended valid hex, invalid WKB: 01010000000000000000000040000000000000F03FFF