Fuzzing wkb encoding causes out of memory errors #384 #21

Open
gdey opened this issue Aug 10, 2018 · 2 comments
gdey commented Aug 10, 2018

Ref: go-spatial/tegola#384

Fuzzing geom/encoding/wkb (as per #53) reveals a potential bug with several decode functions. I have attached the relevant test output - 010c1c076fce1acae227d578d230bd713dd44528.txt

https://github.com/go-spatial/tegola/blob/2d90e68580efc38a85e3b6c4ad020a80bf66095a/geom/encoding/wkb/internal/decode/decode.go#L155

In this case, the out of memory error occurs when the `Collection` function reads the number of items `num` from the WKB byte stream. In this case it is because of a fuzzed value. When thinking of how to sanitize the input I initially thought it might be sufficient to check it was within a sane range. As far as I can tell, however, there is no documented upper limit for the number of Points in a given geometry (Polygons, Collections etc) in WKB other than `math.MaxUint32` (4294967295).

This also affects the other geometry decoding functions that use the value returned from the WKB byte stream to do slice allocation:

https://github.com/go-spatial/tegola/blob/2d90e68580efc38a85e3b6c4ad020a80bf66095a/geom/encoding/wkb/internal/decode/decode.go#L134

https://github.com/go-spatial/tegola/blob/2d90e68580efc38a85e3b6c4ad020a80bf66095a/geom/encoding/wkb/internal/decode/decode.go#L120

https://github.com/go-spatial/tegola/blob/2d90e68580efc38a85e3b6c4ad020a80bf66095a/geom/encoding/wkb/internal/decode/decode.go#L99

https://github.com/go-spatial/tegola/blob/2d90e68580efc38a85e3b6c4ad020a80bf66095a/geom/encoding/wkb/internal/decode/decode.go#L78

https://github.com/go-spatial/tegola/blob/2d90e68580efc38a85e3b6c4ad020a80bf66095a/geom/encoding/wkb/internal/decode/decode.go#L64

https://github.com/go-spatial/tegola/blob/2d90e68580efc38a85e3b6c4ad020a80bf66095a/geom/encoding/wkb/internal/decode/decode.go#L41

@gdey gdey added the question label Aug 10, 2018

gdey commented Aug 10, 2018

I'm not sure what we can do about this issue at present; keeping it open to research it. Please reference the original: go-spatial/tegola#384


gdey commented Sep 5, 2018

golang/go#16843
Add a reference to the underlying Go issue.
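
An added example, not part of the issue thread or the tegola code base: one way to decode a count-prefixed WKB geometry so that the count read from the stream never sizes an allocation on its own. The names `decodeLineString` and `sampleWKB`, the 4096 cap and the sample bytes are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"io"
)

// decodeLineString parses a WKB LineString (type 2). The header's point count is
// untrusted: it only sets a capped capacity hint; the slice grows as points are read.
func decodeLineString(r io.Reader) ([][2]float64, error) {
	const maxPrealloc = 4096 // assumed cap, not a project value
	var hdr [9]byte          // byte order, geometry type, point count
	if _, err := io.ReadFull(r, hdr[:]); err != nil {
		return nil, err
	}
	var order binary.ByteOrder = binary.BigEndian
	if hdr[0] == 1 {
		order = binary.LittleEndian
	}
	if t := order.Uint32(hdr[1:5]); t != 2 {
		return nil, fmt.Errorf("unexpected WKB type %d", t)
	}
	num, hint := order.Uint32(hdr[5:9]), uint32(maxPrealloc)
	if num < hint {
		hint = num
	}
	pts := make([][2]float64, 0, hint)
	for i := uint32(0); i < num; i++ {
		var p [2]float64
		if err := binary.Read(r, order, &p); err != nil {
			return nil, fmt.Errorf("point %d of %d claimed: %w", i, num, err)
		}
		pts = append(pts, p)
	}
	return pts, nil
}

// sampleWKB builds constructed input: header claims `claimed` points, `actual` follow.
func sampleWKB(claimed uint32, actual int) []byte {
	b := bytes.NewBuffer([]byte{1})
	binary.Write(b, binary.LittleEndian, [2]uint32{2, claimed})
	binary.Write(b, binary.LittleEndian, make([][2]float64, actual))
	return b.Bytes()
}

func main() {
	fmt.Println(decodeLineString(bytes.NewReader(sampleWKB(0xFFFFFFFF, 1))))
}
```

With this shape, memory use follows the bytes the reader actually supplies, so wrapping the reader in `io.LimitReader` bounds the total for a single geometry.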
