From 70ed3efe60718be74d73d92ec2d121e2de268e53 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Thu, 4 Apr 2019 22:36:00 +0200
Subject: Reject negative e parameter to avoid division by zero

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14044
Credit to OSS Fuzz
---
 src/ell_set.cpp | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

(limited to 'src/ell_set.cpp')

diff --git a/src/ell_set.cpp b/src/ell_set.cpp
index c0b9016d..0d7fb6d5 100644
--- a/src/ell_set.cpp
+++ b/src/ell_set.cpp
@@ -280,7 +280,7 @@ static int ellps_shape (PJ *P) {
         if (HUGE_VAL==P->es)
             return proj_errno_set (P, PJD_ERR_INVALID_ARG);
         if (P->es >= 1)
-            return proj_errno_set (P, PJD_ERR_ECCENTRICITY_IS_ONE_OR_GREATER);
+            return proj_errno_set (P, PJD_ERR_INVALID_ECCENTRICITY);
         break;
 
     /* eccentricity, e */
@@ -288,10 +288,8 @@ static int ellps_shape (PJ *P) {
         P->e = pj_atof (pj_param_value (par));
         if (HUGE_VAL==P->e)
             return proj_errno_set (P, PJD_ERR_INVALID_ARG);
-        if (0==P->e)
-            return proj_errno_set (P, PJD_ERR_INVALID_ARG);
-        if (P->e >= 1)
-             return proj_errno_set (P, PJD_ERR_ECCENTRICITY_IS_ONE_OR_GREATER);
+        if (P->e < 0 || P->e >= 1)
+             return proj_errno_set (P, PJD_ERR_INVALID_ECCENTRICITY);
         P->es = P->e * P->e;
         break;
 
@@ -301,7 +299,7 @@ static int ellps_shape (PJ *P) {
         if (HUGE_VAL==P->b)
             return proj_errno_set (P, PJD_ERR_INVALID_ARG);
         if (P->b <= 0)
-            return proj_errno_set (P, PJD_ERR_ECCENTRICITY_IS_ONE_OR_GREATER);
+            return proj_errno_set (P, PJD_ERR_INVALID_ECCENTRICITY);
         if (P->b==P->a)
             break;
         P->f = (P->a - P->b) / P->a;
@@ -542,8 +540,8 @@ int pj_calc_ellipsoid_params (PJ *P, double a, double es) {
     if (0==P->f)
         P->f  = 1 - cos (P->alpha);   /* = 1 - sqrt (1 - PIN->es); */
     if (P->f == 1.0) {
-        pj_ctx_set_errno( P->ctx, PJD_ERR_ECCENTRICITY_IS_ONE_OR_GREATER);
-        return PJD_ERR_ECCENTRICITY_IS_ONE_OR_GREATER;
+        pj_ctx_set_errno( P->ctx, PJD_ERR_INVALID_ECCENTRICITY);
+        return PJD_ERR_INVALID_ECCENTRICITY;
     }
     P->rf = P->f != 0.0 ? 1.0/P->f: HUGE_VAL;
 
@@ -563,8 +561,8 @@ int pj_calc_ellipsoid_params (PJ *P, double a, double es) {
 
     P->one_es = 1. - P->es;
     if (P->one_es == 0.) {
-        pj_ctx_set_errno( P->ctx, PJD_ERR_ECCENTRICITY_IS_ONE_OR_GREATER);
-        return PJD_ERR_ECCENTRICITY_IS_ONE_OR_GREATER;
+        pj_ctx_set_errno( P->ctx, PJD_ERR_INVALID_ECCENTRICITY);
+        return PJD_ERR_INVALID_ECCENTRICITY;
     }
 
     P->rone_es = 1./P->one_es;
@@ -651,6 +649,10 @@ int pj_ell_set (projCtx ctx, paralist *pl, double *a, double *es) {
             *es = pj_param(ctx,pl, "des").f;
         else if (pj_param(ctx,pl, "te").i) { /* eccentricity */
             e = pj_param(ctx,pl, "de").f;
+            if (e < 0) {
+                pj_ctx_set_errno(ctx, PJD_ERR_INVALID_ECCENTRICITY);
+                return 1;
+            }
             *es = e * e;
         } else if (pj_param(ctx,pl, "trf").i) { /* recip flattening */
             *es = pj_param(ctx,pl, "drf").f;
@@ -720,7 +722,7 @@ bomb:
         return 1;
     }
     if (*es >= 1.) {
-        pj_ctx_set_errno(ctx, PJD_ERR_ECCENTRICITY_IS_ONE_OR_GREATER);
+        pj_ctx_set_errno(ctx, PJD_ERR_INVALID_ECCENTRICITY);
         return 1;
     }
     if (*a <= 0.) {
-- 
cgit v1.2.3