From ad889fc63abd2b1352e107c947ed589108cc7bc0 Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Sun, 24 Mar 2019 16:50:52 +0100 Subject: lcc: avoid division by zero Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13892 Credit to OSS Fuzz --- src/projections/lcc.cpp | 9 ++++++++- test/gie/builtins.gie | 15 +++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/src/projections/lcc.cpp b/src/projections/lcc.cpp index 5eee0d14..55d28b80 100644 --- a/src/projections/lcc.cpp +++ b/src/projections/lcc.cpp @@ -105,6 +105,9 @@ PJ *PROJECTION(lcc) { m1 = pj_msfn(sinphi, cosphi, P->es); ml1 = pj_tsfn(Q->phi1, sinphi, P->e); + if( ml1 == 0 ) { + return pj_default_destructor(P, PJD_ERR_LAT_1_OR_2_ZERO_OR_90); + } if (secant) { /* secant cone */ sinphi = sin(Q->phi2); Q->n = log(m1 / pj_msfn(sinphi, cos(Q->phi2), P->es)); @@ -112,7 +115,11 @@ PJ *PROJECTION(lcc) { // Not quite, but es is very close to 1... return pj_default_destructor(P, PJD_ERR_ECCENTRICITY_IS_ONE_OR_GREATER); } - Q->n /= log(ml1 / pj_tsfn(Q->phi2, sinphi, P->e)); + const double ml2 = pj_tsfn(Q->phi2, sinphi, P->e); + if( ml2 == 0 ) { + return pj_default_destructor(P, PJD_ERR_LAT_1_OR_2_ZERO_OR_90); + } + Q->n /= log(ml1 / ml2); } Q->c = (Q->rho0 = m1 * pow(ml1, -Q->n) / Q->n); Q->rho0 *= (fabs(fabs(P->phi0) - M_HALFPI) < EPS10) ? 0. : diff --git a/test/gie/builtins.gie b/test/gie/builtins.gie index 97009cff..a28ff45c 100644 --- a/test/gie/builtins.gie +++ b/test/gie/builtins.gie 
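Review bot: The division by `Q->n` in `Q->c = (Q->rho0 = m1 * pow(ml1, -Q->n) / Q->n);`, visible as context in the second lcc.cpp hunk, is still unguarded. The two new checks reject only `ml1` or `ml2` being exactly zero; if `ml1 == ml2` then `log(ml1 / ml2)` is zero and `Q->n /= ...` divides by zero, and a zero or non-finite `Q->n` then reaches the `Q->c` line. Whether validation outside these hunks already excludes such inputs is not visible here, so I would add `if (Q->n == 0 || !std::isfinite(Q->n)) return pj_default_destructor(P, PJD_ERR_LAT_1_OR_2_ZERO_OR_90);` before the `Q->c` assignment, or use a dedicated error code. PROJECTION(lcc) starts and ends outside both hunks.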
@@ -2687,6 +2687,21 @@ operation +proj=lcc +a=9999999 +b=.9 +lat_2=1 ------------------------------------------------------------------------- expect failure errno eccentricity_is_one +------------------------------------------------------------------------------- +operation +proj=lcc +ellps=GRS80 +lat_1=0 +lat_2=90 +------------------------------------------------------------------------------- +expect failure errno lat_1_or_2_zero_or_90 + +------------------------------------------------------------------------------- +operation +proj=lcc +ellps=GRS80 +lat_1=90 +lat_2=0 +------------------------------------------------------------------------------- +expect failure errno lat_1_or_2_zero_or_90 + +------------------------------------------------------------------------------- +operation +proj=lcc +ellps=GRS80 +lat_1=90 +lat_2=90 +------------------------------------------------------------------------------- +expect failure errno lat_1_or_2_zero_or_90 + =============================================================================== Lambert Conformal Conic Alternative Conic, Sph&Ell -- cgit v1.2.3 From 0529b07f81d3c027e101c6e1eddb4685e957934d Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Sun, 24 Mar 2019 17:05:11 +0100 Subject: tmerc inverse: avoid division by zero Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13893 Credit to OSS Fuzz --- src/projections/tmerc.cpp | 4 ++++ test/gie/builtins.gie | 8 ++++++++ 2 files changed, 12 insertions(+) diff --git a/src/projections/tmerc.cpp b/src/projections/tmerc.cpp index c91c5174..bb56f8ae 100644 --- a/src/projections/tmerc.cpp +++ b/src/projections/tmerc.cpp @@ -188,6 +188,10 @@ static PJ_LP approx_s_inv (PJ_XY xy, PJ *P) { double h, g; h = exp(xy.x / static_cast(P->opaque)->esp); + if( h == 0 ) { + proj_errno_set(P, PJD_ERR_INVALID_X_OR_Y); + return proj_coord_error().lp; + } g = .5 * (h - 1. / h); h = cos (P->phi0 + xy.y / static_cast(P->opaque)->esp); lp.phi = asin(sqrt((1. - h * h) / (1. + g * g))); 
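Review bot: The new `h == 0` test in approx_s_inv catches only an `exp()` result that underflowed to exactly zero. A subnormal `h` still lets `1. / h` overflow to infinity, a large positive `xy.x` makes `h` itself infinite, and a NaN `xy.x` passes the comparison, so `g` can be non-finite on the next line without any error being set. If those inputs should be rejected too, keep the `h == 0` check and add `if (!std::isfinite(g)) { proj_errno_set(P, PJD_ERR_INVALID_X_OR_Y); return proj_coord_error().lp; }` after `g` is computed, with a companion `accept 1e200 0` case next to the new gie test to pin the positive side. The function body continues outside the hunk, so how `g` is used afterwards is not visible here.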
diff --git a/test/gie/builtins.gie b/test/gie/builtins.gie index a28ff45c..f0290fa2 100644 --- a/test/gie/builtins.gie +++ b/test/gie/builtins.gie @@ -5058,6 +5058,14 @@ expect -0.001790493 0.000895247 accept -200 -100 expect -0.001790493 -0.000895247 + +------------------------------------------------------------------------------- +operation +proj=tmerc +R=1 +------------------------------------------------------------------------------- +direction inverse +accept -1e200 0 +expect failure errno invalid_x_or_y + =============================================================================== Tobler-Mercator Cyl, Sph -- cgit v1.2.3 From f41da8f8e0f6f41ca522279274da1f2441828eda Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Sun, 24 Mar 2019 17:11:55 +0100 Subject: vandg inverse: avoid division by zero Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13894 Credit to OSS Fuzz --- src/projections/vandg.cpp | 9 ++++++++- test/gie/builtins.gie | 7 +++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/src/projections/vandg.cpp b/src/projections/vandg.cpp index 89620356..c669f8fa 100644 --- a/src/projections/vandg.cpp +++ b/src/projections/vandg.cpp @@ -80,7 +80,14 @@ static PJ_LP s_inverse (PJ_XY xy, PJ *P) { /* Spheroidal, inverse */ al = c1 / c3 - THIRD * c2 * c2; m = 2. * sqrt(-THIRD * al); d = C2_27 * c2 * c2 * c2 + (c0 * c0 - THIRD * c2 * c1) / c3; - if (((t = fabs(d = 3. * d / (al * m))) - TOL) <= 1.) { + const double al_mul_m = al * m; + if( al_mul_m == 0 ) { + proj_errno_set(P, PJD_ERR_TOLERANCE_CONDITION); + return proj_coord_error().lp; + } + d = 3. * d /al_mul_m; + t = fabs(d); + if ((t - TOL) <= 1.) { d = t > 1. ? (d > 0. ? 0. : M_PI) : acos(d); lp.phi = M_PI * (m * cos(d * THIRD + PI4_3) - THIRD * c2); if (xy.y < 0.) lp.phi = -lp.phi; diff --git a/test/gie/builtins.gie b/test/gie/builtins.gie index f0290fa2..46375706 100644 --- a/test/gie/builtins.gie +++ b/test/gie/builtins.gie 
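Review bot: The `al_mul_m == 0` guard in s_inverse has no comment saying which inputs make the product vanish; the only hint is the new gie case `accept 0 -1e100`. A one-line comment above it would help, for example `/* al * m collapses to 0 for extreme |y|; avoid dividing by it */`, with the wording confirmed against the c1/c3 computation, which is outside the hunk. A NaN product also passes the `== 0` test, so `d` and `t` become NaN and the code relies on `(t - TOL) <= 1.` being false; the branch taken in that case lies outside the hunk, so it is worth confirming that it sets an error.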
@@ -5388,6 +5388,13 @@ expect -0.001790494 0.000895247 accept -200 -100 expect -0.001790494 -0.000895247 +------------------------------------------------------------------------------- +operation +proj=vandg +R=1 +------------------------------------------------------------------------------- +direction inverse +accept 0 -1e100 +expect failure errno tolerance_condition + =============================================================================== van der Grinten II -- cgit v1.2.3 From 2e60df106deba4455089143e5ae0a4ea1858a3e1 Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Sun, 24 Mar 2019 17:20:51 +0100 Subject: stere: avoid division by zero Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13895 Credit to OSS Fuzz --- src/projections/stere.cpp | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/src/projections/stere.cpp b/src/projections/stere.cpp index 9836f341..fd9f9827 100644 --- a/src/projections/stere.cpp +++ b/src/projections/stere.cpp @@ -55,11 +55,18 @@ static PJ_XY e_forward (PJ_LP lp, PJ *P) { /* Ellipsoidal, forward */ } switch (Q->mode) { - case OBLIQ: - A = Q->akm1 / (Q->cosX1 * (1. + Q->sinX1 * sinX + - Q->cosX1 * cosX * coslam)); + case OBLIQ: { + const double denom = Q->cosX1 * (1. + Q->sinX1 * sinX + + Q->cosX1 * cosX * coslam); + if( denom == 0 ) { + proj_errno_set(P, PJD_ERR_TOLERANCE_CONDITION); + return proj_coord_error().xy; + } + A = Q->akm1 / denom; xy.y = A * (Q->cosX1 * sinX - Q->sinX1 * cosX * coslam); - goto xmul; /* but why not just xy.x = A * cosX; break; ? */ + xy.x = A * cosX; + break; + } case EQUIT: /* avoid zero division */ @@ -69,7 +76,6 @@ static PJ_XY e_forward (PJ_LP lp, PJ *P) { /* Ellipsoidal, forward */ A = Q->akm1 / (1. + cosX * coslam); xy.y = A * sinX; } -xmul: xy.x = A * cosX; break; -- cgit v1.2.3
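Review bot: The new `denom == 0` path in the OBLIQ case of e_forward has no regression test: the diffstat lists only src/projections/stere.cpp, whereas the lcc, tmerc and vandg fixes in this series each add a gie case. I would add a block to test/gie/builtins.gie with the `+proj=stere` operation and `accept` coordinates taken from the fuzzer report (not shown on this page), followed by `expect failure errno tolerance_condition`. The comparison is also exact, so a denominator that is tiny but non-zero still yields a very large `A` without an error; if that matters, a bound on `fabs(denom)` is needed, with the threshold left to the maintainers. e_forward starts and ends outside both stere.cpp hunks.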