diff options
| author | Even Rouault <even.rouault@spatialys.com> | 2021-12-02 17:33:57 +0100 |
|---|---|---|
| committer | Even Rouault <even.rouault@spatialys.com> | 2021-12-02 17:34:01 +0100 |
| commit | 5974d4b3feb7bcee7c9579d5959fa73665d85d82 (patch) | |
| tree | 803ec600a6a038409301192373e079aaaa8bb957 /src/internal.cpp | |
| parent | 7dc8a59217c41c8cfefe7f9d97cb7dae4a8b8fbd (diff) | |
| download | PROJ-5974d4b3feb7bcee7c9579d5959fa73665d85d82.tar.gz PROJ-5974d4b3feb7bcee7c9579d5959fa73665d85d82.zip | |
PROJ string parsing: fix unquoting of parameter values when the parameter name is just one single character
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41462
Diffstat (limited to 'src/internal.cpp')
| -rw-r--r-- | src/internal.cpp | 34 |
1 files changed, 31 insertions, 3 deletions
diff --git a/src/internal.cpp b/src/internal.cpp index e934069f..b7648924 100644 --- a/src/internal.cpp +++ b/src/internal.cpp @@ -326,6 +326,31 @@ argument string, args, and count its number of elements. } +static void unquote_string(char* param_str) { + + size_t len = strlen(param_str); + // Remove leading and terminating spaces after equal sign + const char* equal = strstr(param_str, "=\""); + if( equal && equal - param_str + 1 >= 2 && param_str[len-1] == '"' ) { + size_t dst = equal + 1 - param_str; + size_t src = dst + 1; + for( ; param_str[src]; dst++, src++) + { + if( param_str[src] == '"' ) { + if( param_str[src+1] == '"' ) { + src++; + } else { + break; + } + } + param_str[dst] = param_str[src]; + } + param_str[dst] = '\0'; + } + +} + + /*****************************************************************************/ char **pj_trim_argv (size_t argc, char *args) { @@ -349,7 +374,6 @@ It is the duty of the caller to free this array. if (0==argc) return nullptr; - /* turn the input string into an array of strings */ char** argv = (char **) calloc (argc, sizeof (char *)); if (nullptr==argv) @@ -359,6 +383,7 @@ It is the duty of the caller to free this array. char* str = argv[j]; size_t nLen = strlen(str); i += nLen + 1; + unquote_string(str); } return argv; } @@ -370,7 +395,11 @@ std::string pj_double_quote_string_param_if_needed(const std::string& str) { if( str.find(' ') == std::string::npos ) { return str; } - return '"' + replaceAll(str, "\"", "\"\"") + '"'; + std::string ret; + ret += '"'; + ret += replaceAll(str, "\"", "\"\""); + ret += '"'; + return ret; } /*****************************************************************************/ @@ -383,7 +412,6 @@ Allocates, and returns, an array of char, large enough to hold a whitespace separated copy of the args in argv. It is the duty of the caller to free this array. ******************************************************************************/ - try { std::string s; |