Prevent OOM when parsing malformed WKB with inflated counts #679
+80
−2
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Malformed WKB input containing huge element counts (e.g., 0xFFFFFFFF for ring count in a polygon) would cause the parser to attempt allocating gigabytes of memory before discovering there wasn't enough data. This could crash programs processing untrusted WKB input. The fix validates that sufficient bytes remain BEFORE allocating slices, failing fast with "unexpected EOF" instead of exhausting memory. The existing check in parseLineString was moved before its allocation; the other parsing functions had no such check. Fixes #678.
There was a problem hiding this comment.
Pull request overview
This PR prevents out-of-memory crashes when parsing malformed WKB input with inflated element counts by validating that sufficient bytes remain before allocating memory.
Changes:
- Added bounds checking before slice allocation in WKB parsing functions to fail fast with "unexpected EOF" instead of attempting to allocate gigabytes of memory
- Moved existing check in
parseLineStringto execute before allocation - Added comprehensive test coverage for all geometry types with inflated counts
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| geom/wkb_parser.go | Added pre-allocation bounds checks to prevent OOM on malformed input with inflated counts |
| geom/wkb_test.go | Added test cases for all geometry types to verify malformed WKB with inflated counts fails gracefully |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Malformed WKB input containing huge element counts (e.g., 0xFFFFFFFF for ring count in a polygon) would cause the parser to attempt allocating gigabytes of memory before discovering there wasn't enough data. This could crash programs processing untrusted WKB input.
The fix validates that sufficient bytes remain BEFORE allocating slices, failing fast with "unexpected EOF" instead of exhausting memory. The existing check in parseLineString was moved before its allocation; the other parsing functions had no such check.
Fixes #678.
Check List
Have you:
Added unit tests? Yes.
Add cmprefimpl tests? (if appropriate?) N/A
Updated release notes? (if appropriate?) Yes.
Related Issue