diff options
| author | Even Rouault <even.rouault@spatialys.com> | 2019-02-05 23:48:32 +0100 |
|---|---|---|
| committer | Even Rouault <even.rouault@spatialys.com> | 2019-02-05 23:48:32 +0100 |
| commit | 149bd81691e309d4ab22bed944ea69fbeaec450f (patch) | |
| tree | 01f467794a59e05ac1860d4b66431e3fdcc2ab51 | |
| parent | abe7ba20580842d0b79ad25ad8c7c80c54a0cc55 (diff) | |
| download | PROJ-149bd81691e309d4ab22bed944ea69fbeaec450f.tar.gz PROJ-149bd81691e309d4ab22bed944ea69fbeaec450f.zip | |
PROJStringParser::createFromPROJString(): avoid potential infinite loop. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12913. Credit to OSS Fuzz
| -rw-r--r-- | src/iso19111/io.cpp | 16 | ||||
| -rw-r--r-- | src/proj_internal.h | 2 |
2 files changed, 18 insertions, 0 deletions
diff --git a/src/iso19111/io.cpp b/src/iso19111/io.cpp index 1f4a7c8b..431c75af 100644 --- a/src/iso19111/io.cpp +++ b/src/iso19111/io.cpp @@ -5313,6 +5313,9 @@ PROJStringSyntaxParser(const std::string &projString, std::vector<Step> &steps, } token += c_str[i]; } + if (in_string) { + throw ParsingException("Unbalanced double quote"); + } if (token.empty()) { break; } @@ -7452,6 +7455,13 @@ static const metadata::ExtentPtr &getExtent(const crs::CRS *crs) { */ BaseObjectNNPtr PROJStringParser::createFromPROJString(const std::string &projString) { + + // In some abnormal situations involving init=epsg:XXXX syntax, we could + // have infinite loop + if (d->ctx_ && d->ctx_->curStringInCreateFromPROJString == projString) { + throw ParsingException("invalid PROJ string"); + } + d->steps_.clear(); d->title_.clear(); d->globalParamValues_.clear(); @@ -7760,11 +7770,17 @@ PROJStringParser::createFromPROJString(const std::string &projString) { proj_log_func(pj_context, &logger, Logger::log); proj_context_use_proj4_init_rules(pj_context, d->usePROJ4InitRules_); } + if (d->ctx_) { + d->ctx_->curStringInCreateFromPROJString = projString; + } auto pj = pj_create_internal( pj_context, (projString.find("type=crs") != std::string::npos ? projString + " +disable_grid_presence_check" : projString) .c_str()); + if (d->ctx_) { + d->ctx_->curStringInCreateFromPROJString.clear(); + } valid = pj != nullptr; // Remove parameters not understood by PROJ. diff --git a/src/proj_internal.h b/src/proj_internal.h index f5196939..453bd654 100644 --- a/src/proj_internal.h +++ b/src/proj_internal.h @@ -702,6 +702,8 @@ struct projCtx_t { const char* (*file_finder) (PJ_CONTEXT *, const char*, void* user_data) = nullptr; void* file_finder_user_data = nullptr; + std::string curStringInCreateFromPROJString{}; + projCtx_t() = default; projCtx_t(const projCtx_t&); ~projCtx_t(); |