diff options
| author | Even Rouault <even.rouault@spatialys.com> | 2017-11-26 12:53:42 +0100 |
|---|---|---|
| committer | Even Rouault <even.rouault@spatialys.com> | 2017-11-26 12:53:42 +0100 |
| commit | 16432022a82ecbf22802680d42bf9adacefef6da (patch) | |
| tree | 25930984f44b5b5e1e2744388a21fa27d3126ae1 /src | |
| parent | a2a546a74acf16cf0721ce3572534f06c2822b11 (diff) | |
| download | PROJ-16432022a82ecbf22802680d42bf9adacefef6da.tar.gz PROJ-16432022a82ecbf22802680d42bf9adacefef6da.zip | |
axisswap: validate axis number. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4404. Credit to OSS Fuzz
Diffstat (limited to 'src')
| -rw-r--r-- | src/PJ_axisswap.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/PJ_axisswap.c b/src/PJ_axisswap.c index 53c93cc9..f8f17380 100644 --- a/src/PJ_axisswap.c +++ b/src/PJ_axisswap.c @@ -187,6 +187,10 @@ PJ *CONVERSION(axisswap,0) { /* read axes numbers and signs */ for ( s = order, n = 0; *s != '\0' && n < 4; ) { Q->axis[n] = abs(atoi(s))-1; + if (Q->axis[n] >= 4) { + proj_log_error(P, "swapaxis: invalid axis '%s'", s); + return pj_default_destructor(P, PJD_ERR_AXIS); + } Q->sign[n++] = sign(atoi(s)); while ( *s != '\0' && *s != ',' ) s++; |