From fde6150b61aa225bb960d46f1611c82bf81315b3 Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Thu, 14 Mar 2019 23:07:29 +0100 Subject: Reject eccentricity values larger than one Valid eccentricity should be between 0 (included) or 1 (excluded) Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13665 Credit to OSS Fuzz --- src/ell_set.cpp | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) (limited to 'src/ell_set.cpp') diff --git a/src/ell_set.cpp b/src/ell_set.cpp index 4c9fc892..71746895 100644 --- a/src/ell_set.cpp +++ b/src/ell_set.cpp @@ -280,8 +280,8 @@ static int ellps_shape (PJ *P) { P->es = pj_atof (pj_param_value (par)); if (HUGE_VAL==P->es) return proj_errno_set (P, PJD_ERR_INVALID_ARG); - if (1==P->es) - return proj_errno_set (P, PJD_ERR_ECCENTRICITY_IS_ONE); + if (P->es >= 1) + return proj_errno_set (P, PJD_ERR_ECCENTRICITY_IS_ONE_OR_GREATER); break; /* eccentricity, e */ @@ -291,8 +291,8 @@ static int ellps_shape (PJ *P) { return proj_errno_set (P, PJD_ERR_INVALID_ARG); if (0==P->e) return proj_errno_set (P, PJD_ERR_INVALID_ARG); - if (1==P->e) - return proj_errno_set (P, PJD_ERR_ECCENTRICITY_IS_ONE); + if (P->e >= 1) + return proj_errno_set (P, PJD_ERR_ECCENTRICITY_IS_ONE_OR_GREATER); P->es = P->e * P->e; break; @@ -301,8 +301,8 @@ static int ellps_shape (PJ *P) { P->b = pj_atof (pj_param_value (par)); if (HUGE_VAL==P->b) return proj_errno_set (P, PJD_ERR_INVALID_ARG); - if (0==P->b) - return proj_errno_set (P, PJD_ERR_ECCENTRICITY_IS_ONE); + if (P->b <= 0) + return proj_errno_set (P, PJD_ERR_ECCENTRICITY_IS_ONE_OR_GREATER); if (P->b==P->a) break; P->f = (P->a - P->b) / P->a; @@ -556,8 +556,8 @@ int pj_calc_ellipsoid_params (PJ *P, double a, double es) { P->one_es = 1. - P->es; if (P->one_es == 0.) { - pj_ctx_set_errno( P->ctx, PJD_ERR_ECCENTRICITY_IS_ONE); - return PJD_ERR_ECCENTRICITY_IS_ONE; + pj_ctx_set_errno( P->ctx, PJD_ERR_ECCENTRICITY_IS_ONE_OR_GREATER); + return PJD_ERR_ECCENTRICITY_IS_ONE_OR_GREATER; } P->rone_es = 1./P->one_es; @@ -712,6 +712,10 @@ bomb: pj_ctx_set_errno(ctx, PJD_ERR_ES_LESS_THAN_ZERO); return 1; } + if (*es >= 1.) { + pj_ctx_set_errno(ctx, PJD_ERR_ECCENTRICITY_IS_ONE_OR_GREATER); + return 1; + } if (*a <= 0.) { pj_ctx_set_errno(ctx, PJD_ERR_MAJOR_AXIS_NOT_GIVEN); return 1; -- cgit v1.2.3 From 44fc7dda9fc411f7c2f052c2271d563bc52f2518 Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Fri, 15 Mar 2019 20:17:28 +0100 Subject: ellps_spherification(): detect invalid semi-major axis value Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12909 Credit to OSS Fuzz --- src/ell_set.cpp | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src/ell_set.cpp') diff --git a/src/ell_set.cpp b/src/ell_set.cpp index 71746895..386b4f46 100644 --- a/src/ell_set.cpp +++ b/src/ell_set.cpp @@ -399,6 +399,10 @@ static int ellps_spherification (PJ *P) { break; } + if (P->a <= 0.) { + return proj_errno_set(P, PJD_ERR_MAJOR_AXIS_NOT_GIVEN); + } + /* Clean up the ellipsoidal parameters to reflect the sphere */ P->es = P->e = P->f = 0; P->rf = HUGE_VAL; -- cgit v1.2.3 From 81ee400af413e4b2449213d269c1422b8611e3aa Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Wed, 20 Mar 2019 18:25:46 +0100 Subject: pj_calc_ellipsoid_params(): reject f=1 To avoid division by zero of b. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13830 Credit to OSS Fuzz --- src/ell_set.cpp | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src/ell_set.cpp') diff --git a/src/ell_set.cpp b/src/ell_set.cpp index 386b4f46..d0714bee 100644 --- a/src/ell_set.cpp +++ b/src/ell_set.cpp @@ -542,6 +542,10 @@ int pj_calc_ellipsoid_params (PJ *P, double a, double es) { /* flattening */ if (0==P->f) P->f = 1 - cos (P->alpha); /* = 1 - sqrt (1 - PIN->es); */ + if (P->f == 1.0) { + pj_ctx_set_errno( P->ctx, PJD_ERR_ECCENTRICITY_IS_ONE_OR_GREATER); + return PJD_ERR_ECCENTRICITY_IS_ONE_OR_GREATER; + } P->rf = P->f != 0.0 ? 1.0/P->f: HUGE_VAL; /* second flattening */ -- cgit v1.2.3 From 095d2204f8bb05d172936aebbb1e9e44852c049f Mon Sep 17 00:00:00 2001 From: Chris Mayo Date: Fri, 29 Mar 2019 19:17:37 +0000 Subject: Remove duplicate instances of #include "proj_internal.h" Introduced by "Merge projects.h into proj_internal.h" 8ab6f683. --- src/ell_set.cpp | 1 - 1 file changed, 1 deletion(-) (limited to 'src/ell_set.cpp') diff --git a/src/ell_set.cpp b/src/ell_set.cpp index d0714bee..c0b9016d 100644 --- a/src/ell_set.cpp +++ b/src/ell_set.cpp @@ -6,7 +6,6 @@ #include "proj.h" #include "proj_internal.h" -#include "proj_internal.h" /* Prototypes of the pj_ellipsoid helper functions */ -- cgit v1.2.3 From 70ed3efe60718be74d73d92ec2d121e2de268e53 Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Thu, 4 Apr 2019 22:36:00 +0200 Subject: Reject negative e parameter to avoid division by zero Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14044 Credit to OSS Fuzz --- src/ell_set.cpp | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) (limited to 'src/ell_set.cpp') diff --git a/src/ell_set.cpp b/src/ell_set.cpp index c0b9016d..0d7fb6d5 100644 --- a/src/ell_set.cpp +++ b/src/ell_set.cpp @@ -280,7 +280,7 @@ static int ellps_shape (PJ *P) { if (HUGE_VAL==P->es) return proj_errno_set (P, PJD_ERR_INVALID_ARG); if (P->es >= 1) - return proj_errno_set (P, PJD_ERR_ECCENTRICITY_IS_ONE_OR_GREATER); + return proj_errno_set (P, PJD_ERR_INVALID_ECCENTRICITY); break; /* eccentricity, e */ @@ -288,10 +288,8 @@ static int ellps_shape (PJ *P) { P->e = pj_atof (pj_param_value (par)); if (HUGE_VAL==P->e) return proj_errno_set (P, PJD_ERR_INVALID_ARG); - if (0==P->e) - return proj_errno_set (P, PJD_ERR_INVALID_ARG); - if (P->e >= 1) - return proj_errno_set (P, PJD_ERR_ECCENTRICITY_IS_ONE_OR_GREATER); + if (P->e < 0 || P->e >= 1) + return proj_errno_set (P, PJD_ERR_INVALID_ECCENTRICITY); P->es = P->e * P->e; break; @@ -301,7 +299,7 @@ static int ellps_shape (PJ *P) { if (HUGE_VAL==P->b) return proj_errno_set (P, PJD_ERR_INVALID_ARG); if (P->b <= 0) - return proj_errno_set (P, PJD_ERR_ECCENTRICITY_IS_ONE_OR_GREATER); + return proj_errno_set (P, PJD_ERR_INVALID_ECCENTRICITY); if (P->b==P->a) break; P->f = (P->a - P->b) / P->a; @@ -542,8 +540,8 @@ int pj_calc_ellipsoid_params (PJ *P, double a, double es) { if (0==P->f) P->f = 1 - cos (P->alpha); /* = 1 - sqrt (1 - PIN->es); */ if (P->f == 1.0) { - pj_ctx_set_errno( P->ctx, PJD_ERR_ECCENTRICITY_IS_ONE_OR_GREATER); - return PJD_ERR_ECCENTRICITY_IS_ONE_OR_GREATER; + pj_ctx_set_errno( P->ctx, PJD_ERR_INVALID_ECCENTRICITY); + return PJD_ERR_INVALID_ECCENTRICITY; } P->rf = P->f != 0.0 ? 1.0/P->f: HUGE_VAL; @@ -563,8 +561,8 @@ int pj_calc_ellipsoid_params (PJ *P, double a, double es) { P->one_es = 1. - P->es; if (P->one_es == 0.) { - pj_ctx_set_errno( P->ctx, PJD_ERR_ECCENTRICITY_IS_ONE_OR_GREATER); - return PJD_ERR_ECCENTRICITY_IS_ONE_OR_GREATER; + pj_ctx_set_errno( P->ctx, PJD_ERR_INVALID_ECCENTRICITY); + return PJD_ERR_INVALID_ECCENTRICITY; } P->rone_es = 1./P->one_es; @@ -651,6 +649,10 @@ int pj_ell_set (projCtx ctx, paralist *pl, double *a, double *es) { *es = pj_param(ctx,pl, "des").f; else if (pj_param(ctx,pl, "te").i) { /* eccentricity */ e = pj_param(ctx,pl, "de").f; + if (e < 0) { + pj_ctx_set_errno(ctx, PJD_ERR_INVALID_ECCENTRICITY); + return 1; + } *es = e * e; } else if (pj_param(ctx,pl, "trf").i) { /* recip flattening */ *es = pj_param(ctx,pl, "drf").f; @@ -720,7 +722,7 @@ bomb: return 1; } if (*es >= 1.) { - pj_ctx_set_errno(ctx, PJD_ERR_ECCENTRICITY_IS_ONE_OR_GREATER); + pj_ctx_set_errno(ctx, PJD_ERR_INVALID_ECCENTRICITY); return 1; } if (*a <= 0.) { -- cgit v1.2.3