From 8a31ed4036888ff2039919f8c998a90cb2143bc2 Mon Sep 17 00:00:00 2001
From: Even Rouault
Date: Fri, 19 Apr 2019 23:47:39 +0200
Subject: proj/cs2cs: validate value of -f parameter to avoid potential crashes (fixes #124)
---
 src/apps/cs2cs.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'src/apps/cs2cs.cpp')
diff --git a/src/apps/cs2cs.cpp b/src/apps/cs2cs.cpp
index 877a68ff..40b0d584 100644
--- a/src/apps/cs2cs.cpp
+++ b/src/apps/cs2cs.cpp
@@ -45,6 +45,7 @@
 #include "proj.h"
 #include "proj_internal.h"
 #include "emess.h"
+#include "utils.h"
 // clang-format on
 #define MAX_LINE 1000
@@ -522,6 +523,13 @@ int main(int argc, char **argv) {
 if (eargc == 0) /* if no specific files force sysin */
 eargv[eargc++] = const_cast("-");
+ if( oform ) {
+ if( !validate_form_string_for_numbers(oform) ) {
+ emess(3, "invalid format string");
+ exit(0);
+ }
+ }
+
 /*
 * If the user has requested inverse, then just reverse the
 * coordinate systems.
-- cgit v1.2.3
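Review bot: On the rejection path of the second hunk, `exit(0)` reports success after `emess(3, "invalid format string")`, so if `emess` returns here, a script wrapping cs2cs cannot tell a rejected `-f` value from a normal run. Use a non-zero status such as `exit(1);`, or drop the call if `emess` with a positive code already terminates the process (its definition is not in this diff). The guard is also only as strong as `validate_form_string_for_numbers`, presumably declared in the newly included `utils.h` and not shown here. If `oform` is later handed to a printf-style call with one floating-point argument, it is worth confirming that the validator accepts exactly one floating-point conversion and rejects `%n`, `%s`, `*` width/precision and any additional conversions. A short comment above the block, e.g. `/* oform comes from -f and is used as a printf format: allow only a single numeric conversion */`, would record why the check exists; `main` starts and ends outside the hunk.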