isea: detect various int overflows and div by zero

Fixes
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2199
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2241
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2390
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7674
Credit to OSS Fuzz

2 files changed, 23 insertions, 3 deletions

diff --git a/src/projections/isea.cpp b/src/projections/isea.cpp
index fc74bebe..659ca790 100644
--- a/src/projections/isea.cpp
+++ b/src/projections/isea.cpp
@@ -10,6 +10,8 @@
 #include <stdlib.h>
 #include <string.h>
 
+#include <limits>
+
 #define PJ_LIB__
 #include "proj_internal.h"
 #include "proj_math.h"
@@ -89,6 +91,9 @@ static void hexbin2(double width, double x, double y, long *i, long *j) {
     y = y - x / 2.0; /* adjustment for rotated X */
 
     /* adjust for actual hexwidth */
+    if( width == 0 ) {
+        throw "Division by zero";
+    }
     x /= width;
     y /= width;
 
@@ -100,6 +105,9 @@ static void hexbin2(double width, double x, double y, long *i, long *j) {
     iy = lround(ry);
     rz = floor(z + 0.5);
     iz = lround(rz);
+    if( fabs(rx + ry + rz) > std::numeric_limits<int>::max() ) {
+        throw "Integer overflow";
+    }
 
     s = ix + iy + iz;
 
@@ -764,11 +772,18 @@ static int isea_dddi(struct isea_dgg *g, int quad, struct isea_pt *pt,
     }
     /* todo might want to do this as an iterated loop */
     if (g->aperture >0) {
-        sidelength = lround(pow(g->aperture, g->resolution / 2.0));
+        double sidelengthDouble = pow(g->aperture, g->resolution / 2.0);
+        if( fabs(sidelengthDouble) > std::numeric_limits<int>::max() ) {
+            throw "Integer overflow";
+        }
+        sidelength = lround(sidelengthDouble);
     } else {
         sidelength = g->resolution;
     }
 
+    if( sidelength == 0 ) {
+        throw "Division by zero";
+    }
     hexwidth = 1.0 / sidelength;
 
     v = *pt;
@@ -1004,7 +1019,12 @@ static PJ_XY s_forward (PJ_LP lp, PJ *P) {           /* Spheroidal, forward */
     in.lon = lp.lam;
     in.lat = lp.phi;
 
-    out = isea_forward(&Q->dgg, &in);
+    try {
+        out = isea_forward(&Q->dgg, &in);
+    } catch( const char* ) {
+        proj_errno_set(P, PJD_ERR_NON_CONVERGENT);
+        return proj_coord_error().xy;
+    }
 
     xy.x = out.x;
     xy.y = out.y;
diff --git a/test/gie/builtins.gie b/test/gie/builtins.gie
index e0ba1141..b9680ca8 100644
--- a/test/gie/builtins.gie
+++ b/test/gie/builtins.gie
@@ -2102,7 +2102,7 @@ Icosahedral Snyder Equal Area
 ===============================================================================
 
 -------------------------------------------------------------------------------
-operation +proj=isea   +a=6400000    +lat_1=0.5 +lat_2=2
+operation +proj=isea   +a=6400000
 -------------------------------------------------------------------------------
 tolerance 0.1 mm
 accept  2 1