From 2f0de0e85ff02ef72ff2f09076077566bf4e8ba2 Mon Sep 17 00:00:00 2001
From: Even Rouault
Date: Mon, 29 May 2017 14:17:02 +0200
Subject: pj_compare_datums(): fix null pointer dereference.
Can happen when any of the src/dest projection has a +catalog parameter. Fix a memory leak on catalog_name as well. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1799 Credit to OSS Fuzz
---
 src/pj_init.c | 3 +++
 src/pj_transform.c | 8 ++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/pj_init.c b/src/pj_init.c
index b86950bc..764784f5 100644
--- a/src/pj_init.c
+++ b/src/pj_init.c
@@ -732,6 +732,9 @@ pj_free(PJ *P) {
 if( P->vgridlist_geoid != NULL )
 pj_dalloc( P->vgridlist_geoid );
+ if( P->catalog_name != NULL )
+ pj_dalloc( P->catalog_name );
+
 if( P->catalog != NULL )
 pj_dalloc( P->catalog );
diff --git a/src/pj_transform.c b/src/pj_transform.c
index f566fcfc..a842ba72 100644
--- a/src/pj_transform.c
+++ b/src/pj_transform.c
@@ -588,8 +588,12 @@ int pj_compare_datums( PJ *srcdefn, PJ *dstdefn )
 }
 else if( srcdefn->datum_type == PJD_GRIDSHIFT )
 {
- return strcmp( pj_param(srcdefn->ctx, srcdefn->params,"snadgrids").s,
- pj_param(dstdefn->ctx, dstdefn->params,"snadgrids").s ) == 0;
+ const char* srcnadgrids =
+ pj_param(srcdefn->ctx, srcdefn->params,"snadgrids").s;
+ const char* dstnadgrids =
+ pj_param(dstdefn->ctx, dstdefn->params,"snadgrids").s;
+ return srcnadgrids != 0 && dstnadgrids != 0 &&
+ strcmp( srcnadgrids, dstnadgrids ) == 0;
 }
 else
 return 1;
--
cgit v1.2.3
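Review bot: The added `pj_dalloc( P->catalog_name )` is only correct if every path that sets catalog_name stores a heap copy owned by the PJ; the assignment is not in this hunk, so if pj_init stores the `+catalog` parameter's string (which lives in the params list) or a string literal there, this free becomes an invalid free or a double free rather than a leak fix. Worth confirming the assignment site uses pj_strdup/pj_malloc and recording the ownership next to the free, e.g. `/* catalog_name is a heap copy owned by P (see pj_init); the params list is freed separately */`. pj_free's body continues outside the hunk, so whether P itself is released afterwards (which would make nulling the pointer unnecessary) cannot be confirmed from here.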
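Review bot: The new guard makes two definitions that both use `+catalog` (which, per the commit message, reach PJD_GRIDSHIFT with no `+nadgrids`) compare as different datums even when their catalogs are identical, because both pointers are NULL and the function returns 0; that is the safe direction, since a false "same" would skip the datum step, but it is a silent choice and deserves a comment such as `/* +catalog definitions carry no +nadgrids: report them as different so the datum path still runs */`, or a comparison of the `scatalog` parameters for that case. Separately, the sibling hunk in pj_init.c compares pointers with `!= NULL`, so `return srcnadgrids != NULL && dstnadgrids != NULL &&` would match the project's style better than `!= 0`. The enclosing pj_compare_datums starts before this hunk.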