pj_apply_vgridshift(): avoid integer overflow / read heap-buffer-overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1950. Credit to OSS Fuzz

author: Even Rouault <even.rouault@spatialys.com> 2017-05-31 13:42:15 +0200
committer: Even Rouault <even.rouault@spatialys.com> 2017-05-31 13:42:15 +0200
commit: 08355f826c2d8bc880ae171e239e20e980c9560e (patch)
tree: f7ccd7799b40653d2729e4757b595a0246a5974a /src
parent: 73993d15324dacfd6eba7c19707687d2c51bba6a (diff)
download: PROJ-08355f826c2d8bc880ae171e239e20e980c9560e.tar.gz
PROJ-08355f826c2d8bc880ae171e239e20e980c9560e.zip
1 files changed, 6 insertions, 2 deletions
diff --git a/src/pj_apply_vgridshift.c b/src/pj_apply_vgridshift.c
index 5b81a26d..35047a19 100644
--- a/src/pj_apply_vgridshift.c
+++ b/src/pj_apply_vgridshift.c
@@ -77,14 +77,18 @@ int pj_apply_vgridshift( PJ *defn, const char *listname,
     {
         long io = i * point_offset;
         LP   input;
-        int  itable;
+        int  itable = 0;
         double value = HUGE_VAL;
 
         input.phi = y[io];
         input.lam = x[io];
 
+        /* do not deal with NaN coordinates */
+        if( input.phi != input.phi || input.lam != input.lam )
+            itable = *gridlist_count_p;
+
         /* keep trying till we find a table that works */
-        for( itable = 0; itable < *gridlist_count_p; itable++ )
+        for( ; itable < *gridlist_count_p; itable++ )
         {
             PJ_GRIDINFO *gi = tables[itable];
             struct CTABLE *ct = gi->ct;
author	Even Rouault <even.rouault@spatialys.com>	2017-05-31 13:42:15 +0200
committer	Even Rouault <even.rouault@spatialys.com>	2017-05-31 13:42:15 +0200
commit	08355f826c2d8bc880ae171e239e20e980c9560e (patch)
tree	f7ccd7799b40653d2729e4757b595a0246a5974a /src
parent	73993d15324dacfd6eba7c19707687d2c51bba6a (diff)
download	PROJ-08355f826c2d8bc880ae171e239e20e980c9560e.tar.gz PROJ-08355f826c2d8bc880ae171e239e20e980c9560e.zip