From eb1a32eb79cd0de0f6bc8057de8d1c08c82308c3 Mon Sep 17 00:00:00 2001
From: Artem Pavlenko <artem@mapnik.org>
Date: Thu, 1 Mar 2018 11:54:41 +0100
Subject: [PATCH] fix dereferencing out-of-range iterator (caught by
 -fsanitize=undefined,integer) (#3867)

---
 include/mapnik/agg_renderer.hpp | 13 ++++++++-----
 src/agg/agg_renderer.cpp        |  3 ++-
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/include/mapnik/agg_renderer.hpp b/include/mapnik/agg_renderer.hpp
index 88eeb97ad..b348fb398 100644
--- a/include/mapnik/agg_renderer.hpp
+++ b/include/mapnik/agg_renderer.hpp
@@ -81,18 +81,21 @@ public:
         }
         else
         {
-            position_--;
+            --position_;
             mapnik::fill(*position_, 0); // fill with transparent colour
         }
         return *position_;
     }
+    bool in_range() const
+    {
+        return (position_ != buffers_.end());
+    }
 
     void pop()
     {
-        if (position_ != buffers_.end())
-        {
-            position_++;
-        }
+        // ^ ensure irator is not out-of-range
+        // prior calling this method
+        ++position_;
     }
 
     T & top() const
diff --git a/src/agg/agg_renderer.cpp b/src/agg/agg_renderer.cpp
index 584517ac4..3734a4552 100644
--- a/src/agg/agg_renderer.cpp
+++ b/src/agg/agg_renderer.cpp
@@ -340,7 +340,8 @@ void agg_renderer<T0,T1>::end_style_processing(feature_type_style const& st)
                       -common_.t_.offset(),
                       -common_.t_.offset());
         }
-        if (&current_buffer == &internal_buffers_.top())
+        if (internal_buffers_.in_range()
+            && &current_buffer == &internal_buffers_.top())
         {
             internal_buffers_.pop();
         }