PJ_robin: avoid out-of-bounds read on NaN values

Found with AFL on gdalinfo on s_inverse(). s_forward() might also have the same issue, so fixing that too.
author: Even Rouault <even.rouault@spatialys.com> 2016-12-12 14:49:16 +0100
committer: Even Rouault <even.rouault@spatialys.com> 2016-12-12 14:49:16 +0100
commit: bc7453d1a75aab05bdff2c51ed78c908e3efa3cd (patch)
tree: 600700d69cf32f2a9eed9c80847f34da68b8c3e1
parent: 3f153391f101436935b491d694fa45da59482d87 (diff)
download: PROJ-bc7453d1a75aab05bdff2c51ed78c908e3efa3cd.tar.gz
PROJ-bc7453d1a75aab05bdff2c51ed78c908e3efa3cd.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/src/PJ_robin.c b/src/PJ_robin.c
index f6996313..8f6371e7 100644
--- a/src/PJ_robin.c
+++ b/src/PJ_robin.c
@@ -79,6 +79,8 @@ static XY s_forward (LP lp, PJ *P) {           /* Spheroidal, forward */
     (void) P;
 
     i = floor((dphi = fabs(lp.phi)) * C1);
+    if( i < 0 )
+        F_ERROR;
     if (i >= NODES) i = NODES - 1;
     dphi = RAD_TO_DEG * (dphi - RC1 * i);
     xy.x = V(X[i], dphi) * FXC * lp.lam;
@@ -105,7 +107,10 @@ static LP s_inverse (XY xy, PJ *P) {           /* Spheroidal, inverse */
         }
     } else { /* general problem */
         /* in Y space, reduce to table interval */
-        for (i = floor(lp.phi * NODES);;) {
+        i = floor(lp.phi * NODES);
+        if( i < 0 || i >= NODES )
+            I_ERROR;
+        for (;;) {
             if (Y[i].c0 > lp.phi) --i;
             else if (Y[i+1].c0 <= lp.phi) ++i;
             else break;
author	Even Rouault <even.rouault@spatialys.com>	2016-12-12 14:49:16 +0100
committer	Even Rouault <even.rouault@spatialys.com>	2016-12-12 14:49:16 +0100
commit	bc7453d1a75aab05bdff2c51ed78c908e3efa3cd (patch)
tree	600700d69cf32f2a9eed9c80847f34da68b8c3e1
parent	3f153391f101436935b491d694fa45da59482d87 (diff)
download	PROJ-bc7453d1a75aab05bdff2c51ed78c908e3efa3cd.tar.gz PROJ-bc7453d1a75aab05bdff2c51ed78c908e3efa3cd.zip