| author | Even Rouault <even.rouault@spatialys.com> | 2017-05-29 14:17:02 +0200 |
|---|---|---|
| committer | Even Rouault <even.rouault@spatialys.com> | 2017-05-29 14:17:02 +0200 |
| commit | 2f0de0e85ff02ef72ff2f09076077566bf4e8ba2 (patch) | |
| tree | bb29a492002a0223665ff8e5bcd224578d712662 | |
| parent | 29aefaae1a0a6ee3536fffe1c5897bfb79ef3204 (diff) | |
pj_compare_datums(): fix null pointer dereference.
Can happen when any of the src/dest projection has a +catalog parameter.
Fix a memory leak on catalog_name as well.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1799
Credit to OSS Fuzz
| -rw-r--r-- | src/pj_init.c | 3 | ||||
| -rw-r--r-- | src/pj_transform.c | 8 |
2 files changed, 9 insertions, 2 deletions
diff --git a/src/pj_init.c b/src/pj_init.c
index b86950bc..764784f5 100644
--- a/src/pj_init.c
+++ b/src/pj_init.c
@@ -732,6 +732,9 @@ pj_free(PJ *P) {
 if( P->vgridlist_geoid != NULL )
 pj_dalloc( P->vgridlist_geoid );
 
+ if( P->catalog_name != NULL )
+ pj_dalloc( P->catalog_name );
+
 if( P->catalog != NULL )
 pj_dalloc( P->catalog );
 
diff --git a/src/pj_transform.c b/src/pj_transform.c
index f566fcfc..a842ba72 100644
--- a/src/pj_transform.c
+++ b/src/pj_transform.c
@@ -588,8 +588,12 @@ int pj_compare_datums( PJ *srcdefn, PJ *dstdefn )
 }
 else if( srcdefn->datum_type == PJD_GRIDSHIFT )
 {
- return strcmp( pj_param(srcdefn->ctx, srcdefn->params,"snadgrids").s,
- pj_param(dstdefn->ctx, dstdefn->params,"snadgrids").s ) == 0;
+ const char* srcnadgrids =
+ pj_param(srcdefn->ctx, srcdefn->params,"snadgrids").s;
+ const char* dstnadgrids =
+ pj_param(dstdefn->ctx, dstdefn->params,"snadgrids").s;
+ return srcnadgrids != 0 && dstnadgrids != 0 &&
+ strcmp( srcnadgrids, dstnadgrids ) == 0;
 }
 else
 return 1; |
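Review bot: The new return in the PJD_GRIDSHIFT branch of pj_compare_datums() reports "datums differ" (0) whenever either side has no nadgrids string, including when both sides lack it, and nothing in the code records that this is the intended result. A one-line comment above the return, e.g. `/* nadgrids is NULL for +catalog definitions; treat as not equal */`, would capture what the commit message says about +catalog. The pointer tests use `!= 0` while the pj_init.c hunk in this commit uses `!= NULL`; `return srcnadgrids != NULL && dstnadgrids != NULL &&` would be consistent. The diffstat lists only the two source files, so a regression case built from the OSS-Fuzz input would help keep the NULL path covered. The function body starts and ends outside the hunk.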
