From c9b27a248d3ed9964b6ac0847a83eba383b62537 Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Tue, 26 Feb 2019 21:17:33 +0100 Subject: Fix build issues on Solaris --- src/projections/isea.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/projections/isea.cpp') diff --git a/src/projections/isea.cpp b/src/projections/isea.cpp index 3a0a0a48..d53317c1 100644 --- a/src/projections/isea.cpp +++ b/src/projections/isea.cpp @@ -847,7 +847,7 @@ static long isea_disn(struct isea_dgg *g, int quad, struct isea_pt *di) { return g->serial; } /* hexes in a quad */ - hexes = lround(pow(g->aperture, g->resolution)); + hexes = lround(pow(static_cast(g->aperture), static_cast(g->resolution))); if (quad == 11) { g->serial = 1 + 10 * hexes + 1; return g->serial; -- cgit v1.2.3 From e1350cac43d5a9854207af3fb318a74be7fcd12f Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Sun, 17 Mar 2019 19:16:04 +0100 Subject: Fix some issues raised by latest cppcheck - coordinateoperation_internal.hpp: missing 'explicit' keyword - proj.cpp: unused 'generic' member in enumeration - init.cpp: useless assignment to a_orig and es_orig, because done again a few lines below. - crs.cpp: unused variable - datum.cpp: inefficient use of find() function - io.cpp: * missing 'static' qualifier for method * useles ternary test (left and right have same value) - aeqd.cpp: useless assignment of inv and fwd, snice done again a few lines below - isea.cpp: useless assignment of resolution and aperture since done again a few lines below, and with default values when params are absent - mod_ster.cpp: useless assignment of lp.lam, overriden in below code paths. - stere.cpp: false positive, but better not modify another variable than the iterator in a for() loop. --- src/projections/isea.cpp | 8 -------- 1 file changed, 8 deletions(-) (limited to 'src/projections/isea.cpp') diff --git a/src/projections/isea.cpp b/src/projections/isea.cpp index d53317c1..fc74bebe 100644 
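Review bot: The value handed to `lround` in isea_disn is still unbounded after this change: the added casts only select a `pow` overload, so a large `g->resolution` produces a result outside the range of `long`, where lround's return value is unspecified, and `1 + 10 * hexes + 1` two lines further down can then overflow on its own. Keeping the power in a double and rejecting it before conversion, for example `if( !(h <= (LONG_MAX - 2) / 10) ) { /* reject */ }` with `h` holding the `pow` result, or bounding the resolution where the parameters are read, would close this. None of the later isea.cpp hunks on this page touch this statement. isea_disn begins and ends outside the hunk, so how it should report the rejection is not visible here.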
--- a/src/projections/isea.cpp +++ b/src/projections/isea.cpp @@ -1051,14 +1051,6 @@ PJ *PROJECTION(isea) { Q->dgg.o_lat = pj_param(P->ctx,P->params, "rlat_0").f; } - if (pj_param(P->ctx,P->params, "taperture").i) { - Q->dgg.aperture = pj_param(P->ctx,P->params, "iaperture").i; - } - - if (pj_param(P->ctx,P->params, "tresolution").i) { - Q->dgg.resolution = pj_param(P->ctx,P->params, "iresolution").i; - } - opt = pj_param(P->ctx,P->params, "smode").s; if (opt) { if (!strcmp(opt, "plane")) { -- cgit v1.2.3 From fe01efca4e02d4ded4b397c6dcd0cd8ab8f6123a Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Wed, 20 Mar 2019 19:55:46 +0100 Subject: isea: detect various int overflows and div by zero Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2199 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2241 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2390 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7674 Credit to OSS Fuzz --- src/projections/isea.cpp | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) (limited to 'src/projections/isea.cpp') diff --git a/src/projections/isea.cpp b/src/projections/isea.cpp index fc74bebe..659ca790 100644 --- a/src/projections/isea.cpp +++ b/src/projections/isea.cpp @@ -10,6 +10,8 @@ #include #include +#include + #define PJ_LIB__ #include "proj_internal.h" #include "proj_math.h" @@ -89,6 +91,9 @@ static void hexbin2(double width, double x, double y, long *i, long *j) { y = y - x / 2.0; /* adjustment for rotated X */ /* adjust for actual hexwidth */ + if( width == 0 ) { + throw "Division by zero"; + } x /= width; y /= width; @@ -100,6 +105,9 @@ static void hexbin2(double width, double x, double y, long *i, long *j) { iy = lround(ry); rz = floor(z + 0.5); iz = lround(rz); + if( fabs(rx + ry + rz) > std::numeric_limits::max() ) { + throw "Integer overflow"; + } s = ix + iy + iz; 
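Review bot: The overflow guard added at line 105 of hexbin2 runs after `iy = lround(ry)` and `iz = lround(rz)` (and presumably the matching `ix` conversion above the hunk), and it tests a sum rather than the individual terms, so out-of-range coordinates whose rounded values cancel still reach the conversions, where lround's result is unspecified. The two follow-up commits on this page (93b119b0 and 36beda51, both at the same line) change which sum is tested but keep the check after the conversions. Testing each rounded double before converting, written in accepting form so that NaN is rejected as well, covers all three: `if( !(fabs(rx) <= LIMIT && fabs(ry) <= LIMIT && fabs(rz) <= LIMIT) ) throw "Integer overflow";`, where `LIMIT` is a placeholder for a bound small enough that the three-term sum fits the type of `s`. The declarations of `ix`, `iy`, `iz` and `s` are outside the hunk, so the right bound has to be read from them.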
@@ -764,11 +772,18 @@ static int isea_dddi(struct isea_dgg *g, int quad, struct isea_pt *pt, } /* todo might want to do this as an iterated loop */ if (g->aperture >0) { - sidelength = lround(pow(g->aperture, g->resolution / 2.0)); + double sidelengthDouble = pow(g->aperture, g->resolution / 2.0); + if( fabs(sidelengthDouble) > std::numeric_limits::max() ) { + throw "Integer overflow"; + } + sidelength = lround(sidelengthDouble); } else { sidelength = g->resolution; } + if( sidelength == 0 ) { + throw "Division by zero"; + } hexwidth = 1.0 / sidelength; v = *pt; @@ -1004,7 +1019,12 @@ static PJ_XY s_forward (PJ_LP lp, PJ *P) { /* Spheroidal, forward */ in.lon = lp.lam; in.lat = lp.phi; - out = isea_forward(&Q->dgg, &in); + try { + out = isea_forward(&Q->dgg, &in); + } catch( const char* ) { + proj_errno_set(P, PJD_ERR_NON_CONVERGENT); + return proj_coord_error().xy; + } xy.x = out.x; xy.y = out.y; -- cgit v1.2.3 From 93b119b0abcdf76ad2b01465c5109381837b387e Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Fri, 22 Mar 2019 16:11:52 +0100 Subject: Really fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2390 --- src/projections/isea.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/projections/isea.cpp') diff --git a/src/projections/isea.cpp b/src/projections/isea.cpp index 659ca790..7dc890e0 100644 --- a/src/projections/isea.cpp +++ b/src/projections/isea.cpp @@ -105,7 +105,8 @@ static void hexbin2(double width, double x, double y, long *i, long *j) { iy = lround(ry); rz = floor(z + 0.5); iz = lround(rz); - if( fabs(rx + ry + rz) > std::numeric_limits::max() ) { + if( fabs(rx + ry) > std::numeric_limits::max() || + fabs(rx + ry + rz) > std::numeric_limits::max() ) { throw "Integer overflow"; } -- cgit v1.2.3 From 36beda51b769f1e61c33d8230a4718b2bdc6fe46 Mon Sep 17 00:00:00 2001 
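Review bot: The range and zero checks added around `sidelength` in isea_dddi depend only on `g->aperture` and `g->resolution`, which look fixed once the projection is set up, yet they run and can throw on every point that passes through this function. Rejecting unusable values once in the setup function, where a parameter error can be reported to the caller, would keep the per-point path free of this failure mode; the checks here could then stay as a backstop with a comment such as `/* unreachable if aperture/resolution were validated at setup */`. A negative `g->resolution` with a positive aperture is also worth a comment, since it appears to reach the "Division by zero" throw by way of `lround` returning 0. The setup code is outside this hunk, so whether such validation already exists should be confirmed.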
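Review bot: The handler added in `s_forward` catches only `const char*`, so any other exception type raised under `isea_forward` would unwind out of a function that is installed as a plain function pointer (`P->fwd`) and is presumably called from code that does not expect exceptions. A trailing handler that sets the same error closes that gap: `} catch( ... ) { proj_errno_set(P, PJD_ERR_NON_CONVERGENT); return proj_coord_error().xy; }`. The thrown text is discarded and every rejection is reported as `PJD_ERR_NON_CONVERGENT`, so a short comment at the catch such as `/* overflow or division by zero detected inside isea_forward */` would tell a later reader why that code appears. s_forward continues beyond the hunk.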
From: Even Rouault Date: Sun, 24 Mar 2019 12:56:09 +0100 Subject: isea: really fix integer overflow of https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2390 --- src/projections/isea.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/projections/isea.cpp') diff --git a/src/projections/isea.cpp b/src/projections/isea.cpp index 7dc890e0..18b1cf55 100644 --- a/src/projections/isea.cpp +++ b/src/projections/isea.cpp @@ -105,8 +105,8 @@ static void hexbin2(double width, double x, double y, long *i, long *j) { iy = lround(ry); rz = floor(z + 0.5); iz = lround(rz); - if( fabs(rx + ry) > std::numeric_limits::max() || - fabs(rx + ry + rz) > std::numeric_limits::max() ) { + if( fabs((double)ix + iy) > std::numeric_limits::max() || + fabs((double)ix + iy + iz) > std::numeric_limits::max() ) { throw "Integer overflow"; } -- cgit v1.2.3 From 095d2204f8bb05d172936aebbb1e9e44852c049f Mon Sep 17 00:00:00 2001 From: Chris Mayo Date: Fri, 29 Mar 2019 19:17:37 +0000 Subject: Remove duplicate instances of #include "proj_internal.h" Introduced by "Merge projects.h into proj_internal.h" 8ab6f683. --- src/projections/isea.cpp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'src/projections/isea.cpp') diff --git a/src/projections/isea.cpp b/src/projections/isea.cpp index 18b1cf55..28510cb0 100644 --- a/src/projections/isea.cpp +++ b/src/projections/isea.cpp @@ -13,10 +13,9 @@ #include #define PJ_LIB__ -#include "proj_internal.h" -#include "proj_math.h" #include "proj.h" #include "proj_internal.h" +#include "proj_math.h" #define DEG36 0.62831853071795864768 #define DEG72 1.25663706143591729537 -- cgit v1.2.3 From 4c8a5cb8c7f69dd227f03f32eb99b53ea0586aba Mon Sep 17 00:00:00 2001 
From: Even Rouault Date: Thu, 18 Apr 2019 22:12:55 +0200 Subject: isea: avoid invalid integer shift Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14286 Credit to OSS Fuzz --- src/projections/isea.cpp | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src/projections/isea.cpp') diff --git a/src/projections/isea.cpp b/src/projections/isea.cpp index 28510cb0..e8720b27 100644 --- a/src/projections/isea.cpp +++ b/src/projections/isea.cpp @@ -898,6 +898,10 @@ static int isea_hex(struct isea_dgg *g, int tri, quad = isea_ptdi(g, tri, pt, &v); + if( v.x < (INT_MIN >> 4) || v.x > (INT_MAX >> 4) ) + { + throw "Invalid shift"; + } hex->x = ((int)v.x << 4) + quad; hex->y = v.y; -- cgit v1.2.3 From 00980bf63fae6d350f425c44a648f33d7c09a931 Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Fri, 26 Apr 2019 18:18:30 +0200 Subject: Prefix inverse and forward functions by their projection names This is mostly to have better OSSFuzz report. Currently a lot of bug summaries are like `proj4/standard_fuzzer: Divide-by-zero in s_inverse` By prefixing the projection name, we will get better reports, like `Divide-by-zero in airy_s_inverse` This also makes it slightly easier to set a breakpoint by function name. --- src/projections/isea.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/projections/isea.cpp') diff --git a/src/projections/isea.cpp b/src/projections/isea.cpp index e8720b27..c22e143d 100644 --- a/src/projections/isea.cpp +++ b/src/projections/isea.cpp @@ -1014,7 +1014,7 @@ struct pj_opaque { } // anonymous namespace -static PJ_XY s_forward (PJ_LP lp, PJ *P) { /* Spheroidal, forward */ +static PJ_XY isea_s_forward (PJ_LP lp, PJ *P) { /* Spheroidal, forward */ PJ_XY xy = {0.0,0.0}; struct pj_opaque *Q = static_cast(P->opaque); struct isea_pt out; @@ -1045,7 +1045,7 @@ PJ *PROJECTION(isea) { P->opaque = Q; - P->fwd = s_forward; + P->fwd = isea_s_forward; isea_grid_init(&Q->dgg); Q->dgg.output = ISEA_PLANE; -- cgit v1.2.3
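Review bot: The bounds test added in isea_hex still lets negative and NaN values of `v.x` through to `(int)v.x << 4`, assuming `v.x` is a double as the cast suggests: the lower bound `INT_MIN >> 4` admits negatives, whose left shift is undefined before C++20, and both comparisons are false for NaN, after which the conversion to int is itself undefined. Writing the guard in accepting form and multiplying instead of shifting avoids both: `if( !(v.x >= INT_MIN / 16 && v.x <= INT_MAX / 16) ) throw "Invalid shift";` followed by `hex->x = (int)v.x * 16 + quad;`. The next line, `hex->y = v.y;`, is converted with no range test at all if `hex->y` is an integer field; its declaration is outside the hunk. The hunk does not show where `INT_MIN` and `INT_MAX` are declared, so it is worth confirming the file includes the header for them directly rather than through another include.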