authorEven Rouault <even.rouault@spatialys.com>2017-05-29 14:28:38 +0200
committerEven Rouault <even.rouault@spatialys.com>2017-05-29 14:28:38 +0200
commit6bb6184a84f136f1686d51d43bfc04065e329ae5 (patch)
treeb9ceb8ac125127dd262ba3ea6ade260408b5bf6c /src
parent95ffe331a196fc7c075c2a40922dbd0d312de426 (diff)
downloadPROJ-6bb6184a84f136f1686d51d43bfc04065e329ae5.tar.gz
PROJ-6bb6184a84f136f1686d51d43bfc04065e329ae5.zip
PJ_imw_p.c: fix infinite loop in e_inverse() and memory leak.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1873 Credit to OSS Fuzz
Diffstat (limited to 'src')
-rw-r--r--src/PJ_imw_p.c13
1 files changed, 12 insertions, 1 deletions
diff --git a/src/PJ_imw_p.c b/src/PJ_imw_p.c
index 126dd190..0820dd49 100644
--- a/src/PJ_imw_p.c
+++ b/src/PJ_imw_p.c
@@ -96,6 +96,8 @@ static LP e_inverse (XY xy, PJ *P) { /* Ellipsoidal, inverse */
struct pj_opaque *Q = P->opaque;
XY t;
double yc = 0.0;
+ int i = 0;
+ const int N_MAX_ITER = 1000; /* Arbitrarily choosen number... */
lp.phi = Q->phi_2;
lp.lam = xy.x / cos(lp.phi);
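Review bot: The comment on `N_MAX_ITER` in e_inverse() has a typo and does not say what the limit protects against. Something like `/* Iteration cap: arbitrary, stops the inverse from looping forever when it does not converge */` would tell the next reader what the value is for and that it can be tuned. The counter `i` and the cap are only used by the do/while in the following hunk, and the start of that loop lies outside both hunks.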
@@ -103,7 +105,14 @@ static LP e_inverse (XY xy, PJ *P) { /* Ellipsoidal, inverse */
t = loc_for(lp, P, &yc);
lp.phi = ((lp.phi - Q->phi_1) * (xy.y - yc) / (t.y - yc)) + Q->phi_1;
lp.lam = lp.lam * xy.x / t.x;
- } while (fabs(t.x - xy.x) > TOL || fabs(t.y - xy.y) > TOL);
+ i ++;
+ } while (i < N_MAX_ITER &&
+ (fabs(t.x - xy.x) > TOL || fabs(t.y - xy.y) > TOL));
+
+ if( i == N_MAX_ITER )
+ {
+ lp.lam = lp.phi = HUGE_VAL;
+ }
return lp;
}
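Review bot: A NaN in `t` still leaves the loop as if it had converged, because both `fabs(...) > TOL` comparisons are false for NaN, so the `i == N_MAX_ITER` branch is skipped and a NaN `lp` is returned instead of `HUGE_VAL`. This can presumably happen when `t.y - yc` or `t.x` is zero in the two updates above the counter. Writing the test as the negated convergence condition, `} while (i < N_MAX_ITER && !(fabs(t.x - xy.x) <= TOL && fabs(t.y - xy.y) <= TOL));`, keeps iterating on NaN until the cap and so reaches the failure branch. Separately, a run that converges exactly on the iteration that brings `i` to `N_MAX_ITER` is reported as a failure; a flag set on non-convergence would separate the two cases. The `do {` that opens this loop is outside the hunk.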
@@ -126,6 +135,8 @@ static void *freeup_new (PJ *P) { /* Destructor */
if (0==P->opaque)
return pj_dealloc (P);
+ if( P->opaque->en )
+ pj_dealloc (P->opaque->en);
pj_dealloc (P->opaque);
return pj_dealloc(P);
}
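Review bot: The `if( P->opaque->en )` guard in freeup_new() looks redundant if `pj_dealloc` forwards to `free()`, which accepts NULL; its definition is not shown here, so confirm before dropping it. With that confirmed, the two added lines reduce to `pj_dealloc (P->opaque->en);`. A short comment such as `/* en is a separate allocation owned by opaque */` would also record why the extra free is needed before `opaque` itself is released.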