From a1dd3facaefd85e25a8202b7b9ea19b31278e36c Mon Sep 17 00:00:00 2001
From: Even Rouault
Date: Wed, 24 Nov 2021 00:31:21 +0100
Subject: Pipeline parsing: reject proj=/o_proj= before first step, to avoid bad performance pattern on hostile pipelines

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41290
---
 src/pipeline.cpp | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'src/pipeline.cpp')

diff --git a/src/pipeline.cpp b/src/pipeline.cpp
index c001ba27..2f50162f 100644
--- a/src/pipeline.cpp
+++ b/src/pipeline.cpp
@@ -452,7 +452,19 @@ PJ *OPERATION(pipeline,0) {
                 return destructor (P, PROJ_ERR_INVALID_OP_WRONG_SYNTAX); /* ERROR: nested pipelines */
             }
             i_pipeline = i;
+        } else if (0==nsteps && 0==strncmp(argv[i], "proj=", 5) ) {
+            // Non-sensical to have proj= in the general pipeline parameters.
+            // Would not be a big issue in itself, but this makes bad performance
+            // in parsing hostile pipelines more likely, such as the one of
+            // https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41290
+            proj_log_error (P, _("Pipeline: proj= operator before first step not allowed"));
+            return destructor (P, PROJ_ERR_INVALID_OP_WRONG_SYNTAX);
+        } else if (0==nsteps && 0==strncmp(argv[i], "o_proj=", 7) ) {
+            // Same as above.
+            proj_log_error (P, _("Pipeline: o_proj= operator before first step not allowed"));
+            return destructor (P, PROJ_ERR_INVALID_OP_WRONG_SYNTAX);
         }
+
     }
     nsteps--; /* Last instance of +step is just a sentinel */
 
-- 
cgit v1.2.3
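Review bot: The new `proj=` rejection is only correct because it sits after the branch that recognises `proj=pipeline` (the arm ending in `i_pipeline = i;` in the context lines), and `strncmp(argv[i], "proj=", 5)` would otherwise also match `proj=pipeline`; that ordering dependency deserves a comment on the first new arm, e.g. `// Must stay after the proj=pipeline check above: that is the only proj= token legal before the first step.`. The two new arms repeat the same condition shape and the same `return destructor (P, PROJ_ERR_INVALID_OP_WRONG_SYNTAX);`, so folding them into one arm with `(0==strncmp(argv[i], "proj=", 5) || 0==strncmp(argv[i], "o_proj=", 7))` would avoid the "Same as above." comment, at the cost of a single shared message. Since this fixes a fuzzer-found resource-exhaustion case, the commit would benefit from a regression test in the test suite asserting that a pipeline definition with `proj=` or `o_proj=` before its first `step` now fails with PROJ_ERR_INVALID_OP_WRONG_SYNTAX. The enclosing `for` loop over `argv` starts outside the hunk.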