From 884da6cc0a2d9e85927fe30ba90d535db9d65317 Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Fri, 29 Mar 2019 22:45:01 +0100 Subject: unitconvert: prevent division by zero Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13947 Credit to OSS Fuzz --- src/conversions/unitconvert.cpp | 24 ++++++++++++------------ test/gie/unitconvert.gie | 24 ++++++++++++++++++++++++ 2 files changed, 36 insertions(+), 12 deletions(-) diff --git a/src/conversions/unitconvert.cpp b/src/conversions/unitconvert.cpp index 1e3372d6..d7edea55 100644 --- a/src/conversions/unitconvert.cpp +++ b/src/conversions/unitconvert.cpp @@ -473,11 +473,11 @@ PJ *CONVERSION(unitconvert,0) { if (f != 0.0) { proj_log_debug(P, "xy_in unit: %s", normalized_name); } else { - if ( (f = pj_param (P->ctx, P->params, "dxy_in").f) == 0.0) + f = pj_param (P->ctx, P->params, "dxy_in").f; + if (f == 0.0 || 1.0 / f == 0.0) return pj_default_destructor(P, PJD_ERR_UNKNOWN_UNIT_ID); } - if (f != 0.0) - Q->xy_factor *= f; + Q->xy_factor = f; if (normalized_name != nullptr && strcmp(normalized_name, "Radian") == 0) P->left = PJ_IO_UNITS_RADIANS; } @@ -488,11 +488,11 @@ PJ *CONVERSION(unitconvert,0) { if (f != 0.0) { proj_log_debug(P, "xy_out unit: %s", normalized_name); } else { - if ( (f = pj_param (P->ctx, P->params, "dxy_out").f) == 0.0) + f = pj_param (P->ctx, P->params, "dxy_out").f; + if (f == 0.0 || 1.0 / f == 0.0) return pj_default_destructor(P, PJD_ERR_UNKNOWN_UNIT_ID); } - if (f != 0.0) - Q->xy_factor /= f; + Q->xy_factor /= f; if (normalized_name != nullptr && strcmp(normalized_name, "Radian") == 0) P->right= PJ_IO_UNITS_RADIANS; } @@ -509,11 +509,11 @@ PJ *CONVERSION(unitconvert,0) { if (f != 0.0) { proj_log_debug(P, "z_in unit: %s", normalized_name); } else { - if ( (f = pj_param (P->ctx, P->params, "dz_in").f) == 0.0) + f = pj_param (P->ctx, P->params, "dz_in").f; + if (f == 0.0 || 1.0 / f == 0.0) return pj_default_destructor(P, PJD_ERR_UNKNOWN_UNIT_ID); } - if (f != 0.0) - Q->z_factor *= f; + Q->z_factor = f; } if ((name = pj_param (P->ctx, P->params, "sz_out").s) != nullptr) { @@ -522,11 +522,11 @@ PJ *CONVERSION(unitconvert,0) { if (f != 0.0) { proj_log_debug(P, "z_out unit: %s", normalized_name); } else { - if ( (f = pj_param (P->ctx, P->params, "dz_out").f) == 0.0) + f = pj_param (P->ctx, P->params, "dz_out").f; + if (f == 0.0 || 1.0 / f == 0.0) return pj_default_destructor(P, PJD_ERR_UNKNOWN_UNIT_ID); } - if (f != 0.0) - Q->z_factor /= f; + Q->z_factor /= f; } if( z_in_is_linear >= 0 && z_out_is_linear >= 0 && diff --git a/test/gie/unitconvert.gie b/test/gie/unitconvert.gie index 2e06fe72..f763959b 100644 --- a/test/gie/unitconvert.gie +++ b/test/gie/unitconvert.gie @@ -43,4 +43,28 @@ operation proj=unitconvert z_in=rad z_out=m accept 1 1 1 1 expect failure +operation proj=unitconvert xy_in=0 +expect failure + +operation proj=unitconvert xy_out=0 +expect failure + +operation proj=unitconvert xy_in=1e400 +expect failure + +operation proj=unitconvert xy_out=1e400 +expect failure + +operation proj=unitconvert z_in=0 +expect failure + +operation proj=unitconvert z_out=0 +expect failure + +operation proj=unitconvert z_in=1e400 +expect failure + +operation proj=unitconvert z_out=1e400 +expect failure + -- cgit v1.2.3