PJ_axisswap.c: validate axis value. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5073. Credit to OSS Fuzz. master only

author: Even Rouault <even.rouault@spatialys.com> 2018-01-11 12:13:47 +0100
committer: Even Rouault <even.rouault@spatialys.com> 2018-01-11 12:13:47 +0100
commit: d109f6e826e7a2542d7e1bd50cc62e5fa9ac373e (patch)
tree: 38624a07fac7d395ba758fb3c4a553499a4a369e /src
parent: ec0fd9c68d24eb18f7352e822329069454892f90 (diff)
download: PROJ-d109f6e826e7a2542d7e1bd50cc62e5fa9ac373e.tar.gz
PROJ-d109f6e826e7a2542d7e1bd50cc62e5fa9ac373e.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/src/PJ_axisswap.c b/src/PJ_axisswap.c
index bb22f41e..0d1683b4 100644
--- a/src/PJ_axisswap.c
+++ b/src/PJ_axisswap.c
@@ -192,6 +192,10 @@ PJ *CONVERSION(axisswap,0) {
         /* read axes numbers and signs */
         for ( s = order, n = 0; *s != '\0' && n < 4; ) {
             Q->axis[n] = abs(atoi(s))-1;
+            if (Q->axis[n] <= 0 || Q->axis[n] > 3) {
+                proj_log_error(P, "axisswap: invalid axis '%d'", Q->axis[n]);
+                return pj_default_destructor(P, PJD_ERR_AXIS);
+            }
             Q->sign[n++] = sign(atoi(s));
             while ( *s != '\0' && *s != ',' )
                 s++;
author	Even Rouault <even.rouault@spatialys.com>	2018-01-11 12:13:47 +0100
committer	Even Rouault <even.rouault@spatialys.com>	2018-01-11 12:13:47 +0100
commit	d109f6e826e7a2542d7e1bd50cc62e5fa9ac373e (patch)
tree	38624a07fac7d395ba758fb3c4a553499a4a369e /src
parent	ec0fd9c68d24eb18f7352e822329069454892f90 (diff)
download	PROJ-d109f6e826e7a2542d7e1bd50cc62e5fa9ac373e.tar.gz PROJ-d109f6e826e7a2542d7e1bd50cc62e5fa9ac373e.zip