From 8a31ed4036888ff2039919f8c998a90cb2143bc2 Mon Sep 17 00:00:00 2001
From: Even Rouault
Date: Fri, 19 Apr 2019 23:47:39 +0200
Subject: proj/cs2cs: validate value of -f parameter to avoid potential crashes (fixes #124)
---
src/apps/proj.cpp | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
(limited to 'src/apps/proj.cpp')
diff --git a/src/apps/proj.cpp b/src/apps/proj.cpp
index 2af49c34..888d723f 100644
--- a/src/apps/proj.cpp
+++ b/src/apps/proj.cpp
@@ -7,6 +7,7 @@ #include #include #include "emess.h" +#include "utils.h" #if defined(MSDOS) || defined(OS2) || defined(WIN32) || defined(__WIN32__) # include
@@ -461,6 +462,13 @@ int main(int argc, char **argv) { if (eargc == 0) /* if no specific files force sysin */ eargv[eargc++] = const_cast("-"); + if( oform ) { + if( !validate_form_string_for_numbers(oform) ) { + emess(3, "invalid format string"); + exit(0); + } + } + /* done with parameter and control input */ if (inverse && postscale) { prescale = 1;
@@ -487,7 +495,6 @@ int main(int argc, char **argv) { proj.inv = pj_inv; } else proj.fwd = pj_fwd; - /* set input formatting control */ if (mon) { pj_pr_list(Proj);
-- cgit v1.2.3
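Review bot: The rejection branch added in the second hunk ends with `exit(0)`, so if `emess(3, "invalid format string")` returns, the process reports success after refusing the `-f` value and a calling script cannot tell the input was rejected. emess() is defined outside this diff: if a positive code already terminates there, the `exit(0)` is dead code and can be dropped; otherwise it should be `exit(1);`. A comment above the check would record why it sits here, e.g. `/* -f is caller-supplied and presumably ends up as a printf-style format; reject it before any output */`. main() starts and ends outside the hunk, so whether `oform` is used before this point cannot be confirmed from here.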