diff options
| author | Even Rouault <even.rouault@spatialys.com> | 2019-02-02 09:44:44 +0100 |
|---|---|---|
| committer | Even Rouault <even.rouault@spatialys.com> | 2019-02-02 09:44:44 +0100 |
| commit | 1c60f4cc408e85aff78482659a80fe974ee5d57b (patch) | |
| tree | 073ce0071c0177cc9bf1435bef4b6c4c94b0c7ae | |
| parent | 17a26919fe7070ea8c0ee134d99e43587a0df9d0 (diff) | |
| download | PROJ-1c60f4cc408e85aff78482659a80fe974ee5d57b.tar.gz PROJ-1c60f4cc408e85aff78482659a80fe974ee5d57b.zip | |
PROJStringSyntaxParser: avoid assertion on illegal input. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12837. Credit to OSS Fuzz
| -rw-r--r-- | src/iso19111/io.cpp | 17 | ||||
| -rw-r--r-- | test/unit/test_io.cpp | 4 |
2 files changed, 13 insertions, 8 deletions
diff --git a/src/iso19111/io.cpp b/src/iso19111/io.cpp index 3517c225..f854e21a 100644 --- a/src/iso19111/io.cpp +++ b/src/iso19111/io.cpp @@ -5285,6 +5285,8 @@ PROJStringSyntaxParser(const std::string &projString, std::vector<Step> &steps, const char *c_str = projString.c_str(); std::vector<std::string> tokens; + bool hasProj = false; + bool hasInit = false; { size_t i = 0; while (true) { @@ -5313,6 +5315,13 @@ PROJStringSyntaxParser(const std::string &projString, std::vector<Step> &steps, if (token.empty()) { break; } + if (!hasProj && + (starts_with(token, "proj=") || starts_with(token, "+proj="))) { + hasProj = true; + } else if (!hasInit && (starts_with(token, "init=") || + starts_with(token, "+init="))) { + hasInit = true; + } tokens.emplace_back(token); } } @@ -5320,14 +5329,6 @@ PROJStringSyntaxParser(const std::string &projString, std::vector<Step> &steps, bool prevWasTitle = false; if (projString.find("proj=pipeline") == std::string::npos) { - const bool hasProj = projString.find("proj=") == 0 || - projString.find("+proj=") == 0 || - projString.find(" proj=") != std::string::npos || - projString.find(" +proj=") != std::string::npos; - const bool hasInit = projString.find("init=") == 0 || - projString.find("+init=") == 0 || - projString.find(" init=") != std::string::npos || - projString.find(" +init=") != std::string::npos; if (hasProj || hasInit) { steps.push_back(Step()); } diff --git a/test/unit/test_io.cpp b/test/unit/test_io.cpp index 1bbedc03..157614b4 100644 --- a/test/unit/test_io.cpp +++ b/test/unit/test_io.cpp @@ -8735,6 +8735,10 @@ TEST(io, projparse_errors) { EXPECT_THROW(PROJStringParser().createFromPROJString( "proj=pipeline step init=epsg:4326 init=epsg:4326"), ParsingException); + + EXPECT_THROW( + PROJStringParser().createFromPROJString("proj=\tinit= +type=crs"), + ParsingException); } // --------------------------------------------------------------------------- |