From 17f2f7cf8bcaa5a4edc9e94d2bd6d8e633455c03 Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Wed, 20 Mar 2019 22:22:38 +0100 Subject: lcc: avoid division by zero Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12935 Credit to OSS Fuzz --- src/projections/lcc.cpp | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src/projections/lcc.cpp') diff --git a/src/projections/lcc.cpp b/src/projections/lcc.cpp index a1fe79a9..5eee0d14 100644 --- a/src/projections/lcc.cpp +++ b/src/projections/lcc.cpp @@ -108,6 +108,10 @@ PJ *PROJECTION(lcc) { if (secant) { /* secant cone */ sinphi = sin(Q->phi2); Q->n = log(m1 / pj_msfn(sinphi, cos(Q->phi2), P->es)); + if (Q->n == 0) { + // Not quite, but es is very close to 1... + return pj_default_destructor(P, PJD_ERR_ECCENTRICITY_IS_ONE_OR_GREATER); + } Q->n /= log(ml1 / pj_tsfn(Q->phi2, sinphi, P->e)); } Q->c = (Q->rho0 = m1 * pow(ml1, -Q->n) / Q->n); -- cgit v1.2.3 From ad889fc63abd2b1352e107c947ed589108cc7bc0 Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Sun, 24 Mar 2019 16:50:52 +0100 Subject: lcc: avoid division by zero Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13892 Credit to OSS Fuzz --- src/projections/lcc.cpp | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'src/projections/lcc.cpp') diff --git a/src/projections/lcc.cpp b/src/projections/lcc.cpp index 5eee0d14..55d28b80 100644 --- a/src/projections/lcc.cpp +++ b/src/projections/lcc.cpp @@ -105,6 +105,9 @@ PJ *PROJECTION(lcc) { m1 = pj_msfn(sinphi, cosphi, P->es); ml1 = pj_tsfn(Q->phi1, sinphi, P->e); + if( ml1 == 0 ) { + return pj_default_destructor(P, PJD_ERR_LAT_1_OR_2_ZERO_OR_90); + } if (secant) { /* secant cone */ sinphi = sin(Q->phi2); Q->n = log(m1 / pj_msfn(sinphi, cos(Q->phi2), P->es)); 
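Review bot: The `if (Q->n == 0)` guard added after the `Q->n = log(...)` line is an exact comparison, so a tiny but nonzero n — and NaN, which never compares equal to 0 — still reaches the `Q->n /= log(...)` line and the `/ Q->n` in the `Q->c = ...` context line, where it yields inf/NaN instead of an error. The same exact-zero test is reused by `if( ml1 == 0 )` in the next hunk (@@ -105), by `ml2 == 0` in the @@ -112 hunk and by `denom == 0` in the @@ -121 hunk further down this page; a lat_1 that parses to a value one ulp away from M_HALFPI would leave ml1 tiny rather than exactly 0 (inferred; the parameter parser is not on this page). Validating the computed result is more robust than testing each operand, e.g. `if (!isfinite(Q->n) || Q->n == 0)` after the final assignment to n, using `isfinite` or `std::isfinite` depending on which math header the file includes outside this view. PROJECTION(lcc) starts and ends outside the hunk.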
@@ -112,7 +115,11 @@ PJ *PROJECTION(lcc) { // Not quite, but es is very close to 1... return pj_default_destructor(P, PJD_ERR_ECCENTRICITY_IS_ONE_OR_GREATER); } - Q->n /= log(ml1 / pj_tsfn(Q->phi2, sinphi, P->e)); + const double ml2 = pj_tsfn(Q->phi2, sinphi, P->e); + if( ml2 == 0 ) { + return pj_default_destructor(P, PJD_ERR_LAT_1_OR_2_ZERO_OR_90); + } + Q->n /= log(ml1 / ml2); } Q->c = (Q->rho0 = m1 * pow(ml1, -Q->n) / Q->n); Q->rho0 *= (fabs(fabs(P->phi0) - M_HALFPI) < EPS10) ? 0. : -- cgit v1.2.3 From 70ed3efe60718be74d73d92ec2d121e2de268e53 Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Thu, 4 Apr 2019 22:36:00 +0200 Subject: Reject negative e parameter to avoid division by zero Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14044 Credit to OSS Fuzz --- src/projections/lcc.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/projections/lcc.cpp') diff --git a/src/projections/lcc.cpp b/src/projections/lcc.cpp index 55d28b80..3e93f98c 100644 --- a/src/projections/lcc.cpp +++ b/src/projections/lcc.cpp @@ -113,7 +113,7 @@ PJ *PROJECTION(lcc) { Q->n = log(m1 / pj_msfn(sinphi, cos(Q->phi2), P->es)); if (Q->n == 0) { // Not quite, but es is very close to 1... - return pj_default_destructor(P, PJD_ERR_ECCENTRICITY_IS_ONE_OR_GREATER); + return pj_default_destructor(P, PJD_ERR_INVALID_ECCENTRICITY); } const double ml2 = pj_tsfn(Q->phi2, sinphi, P->e); if( ml2 == 0 ) { -- cgit v1.2.3 From 97de772e16281fad460a1469c34cd37ff42bcefb Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Fri, 5 Apr 2019 13:25:17 +0200 Subject: lcc: avoid division by zero Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14058 Credit to OSS Fuzz --- src/projections/lcc.cpp | 3 +++ 1 file changed, 3 insertions(+) (limited to 'src/projections/lcc.cpp') diff --git a/src/projections/lcc.cpp b/src/projections/lcc.cpp index 3e93f98c..8cc743a9 100644 --- a/src/projections/lcc.cpp +++ b/src/projections/lcc.cpp 
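Review bot: The new `if( ml2 == 0 )` (like `if( ml1 == 0 )` in the previous hunk) is written with the parenthesis hugging `if`, whereas every existing conditional in the hunk (`if (secant)`, `if (Q->n == 0)`) uses `if (`; keep the file's form, `if (ml2 == 0) {`. Naming the denominator as the `ml2` local is a good change, since it makes the remaining `log(ml1 / ml2)` expression reviewable; that logarithm is itself 0 when ml1 == ml2, a case a later commit on this page addresses. The enclosing PROJECTION(lcc) continues outside the hunk.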
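Review bot: The comment `// Not quite, but es is very close to 1...` kept above the changed return still explains only the es-near-1 case, while the commit subject says the more general PJD_ERR_INVALID_ECCENTRICITY code now also covers a negative e parameter; the rejection of negative e itself is not in this hunk and presumably lives in another file of the commit, since this view is limited to lcc.cpp. Suggest rewording the comment so it matches the code it sits above: `// log(m1/m2) vanished: eccentricity is degenerate (es ~ 1, or otherwise invalid)`. PROJECTION(lcc) continues outside the hunk.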
@@ -125,6 +125,9 @@ PJ *PROJECTION(lcc) { Q->rho0 *= (fabs(fabs(P->phi0) - M_HALFPI) < EPS10) ? 0. : pow(pj_tsfn(P->phi0, sin(P->phi0), P->e), Q->n); } else { + if( fabs(cosphi) < EPS10 || fabs(cos(Q->phi2)) < EPS10 ) { + return pj_default_destructor(P, PJD_ERR_LAT_1_OR_2_ZERO_OR_90); + } if (secant) Q->n = log(cosphi / cos(Q->phi2)) / log(tan(M_FORTPI + .5 * Q->phi2) / -- cgit v1.2.3 From 33f81359efd93ccd4bf59cc4f6b68c6363042f97 Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Fri, 12 Apr 2019 18:21:22 +0200 Subject: Validate lat_0 range in general case, lat_1 and lat_2 for lcc and eqdc Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14211 Credit to OSS Fuzz --- src/projections/lcc.cpp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/projections/lcc.cpp') diff --git a/src/projections/lcc.cpp b/src/projections/lcc.cpp index 8cc743a9..aca025be 100644 --- a/src/projections/lcc.cpp +++ b/src/projections/lcc.cpp @@ -94,6 +94,8 @@ PJ *PROJECTION(lcc) { if (!pj_param(P->ctx, P->params, "tlat_0").i) P->phi0 = Q->phi1; } + if (fabs(Q->phi1) > M_HALFPI || fabs(Q->phi2) > M_HALFPI) + return pj_default_destructor(P, PJD_ERR_LAT_LARGER_THAN_90); if (fabs(Q->phi1 + Q->phi2) < EPS10) return pj_default_destructor(P, PJD_ERR_CONIC_LAT_EQUAL); -- cgit v1.2.3 From 47db7804524066e74fd787bdd0d7f2ba8394c220 Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Sun, 14 Apr 2019 20:11:17 +0200 Subject: lcc: avoid division by zero Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14250 Credit to OSS Fuzz --- src/projections/lcc.cpp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'src/projections/lcc.cpp') diff --git a/src/projections/lcc.cpp b/src/projections/lcc.cpp index aca025be..a101009d 100644 --- a/src/projections/lcc.cpp +++ b/src/projections/lcc.cpp 
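Review bot: The new guard in the spherical `else` branch evaluates `cos(Q->phi2)` and the `log(cosphi / cos(Q->phi2))` context line evaluates it again; a local such as `const double cosphi2 = cos(Q->phi2);` used by both would mirror the `ml2` local introduced in the ellipsoidal branch earlier on this page. The guard also applies an EPS10 tolerance, whereas the ellipsoidal branch's `ml1 == 0` / `ml2 == 0` checks compare exactly against zero, so the two branches reject different neighbourhoods of ±90° under the same PJD_ERR_LAT_1_OR_2_ZERO_OR_90 code; one policy should be chosen for both. Minor: the `if( ... )` spacing differs from the surrounding `if (secant)`. The enclosing PROJECTION(lcc) continues on both sides of the hunk.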
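Review bot: The added range check `fabs(Q->phi1) > M_HALFPI || fabs(Q->phi2) > M_HALFPI` is false for NaN, so if the parameter parser can ever hand back NaN for lat_1/lat_2 (not visible here) such values pass this check and the following `fabs(Q->phi1 + Q->phi2) < EPS10` check alike; the negated form `if (!(fabs(Q->phi1) <= M_HALFPI) || !(fabs(Q->phi2) <= M_HALFPI))` rejects NaN as well. The check sits after the `P->phi0 = Q->phi1;` fallback in the context lines, so an out-of-range lat_1 is copied into phi0 before being rejected; harmless because of the early return, but placing the check above that fallback would make the validate-then-use order explicit. The lat_0 and eqdc validation named in the subject is outside this file view. PROJECTION(lcc) continues outside the hunk.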
@@ -121,7 +121,12 @@ PJ *PROJECTION(lcc) { if( ml2 == 0 ) { return pj_default_destructor(P, PJD_ERR_LAT_1_OR_2_ZERO_OR_90); } - Q->n /= log(ml1 / ml2); + const double denom = log(ml1 / ml2); + if( denom == 0 ) { + // Not quite, but es is very close to 1... + return pj_default_destructor(P, PJD_ERR_INVALID_ECCENTRICITY); + } + Q->n /= denom; } Q->c = (Q->rho0 = m1 * pow(ml1, -Q->n) / Q->n); Q->rho0 *= (fabs(fabs(P->phi0) - M_HALFPI) < EPS10) ? 0. : -- cgit v1.2.3 From 00980bf63fae6d350f425c44a648f33d7c09a931 Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Fri, 26 Apr 2019 18:18:30 +0200 Subject: Prefix inverse and forward functions by their projection names This is mostly to have better OSSFuzz report. Currently a lot of bug summaries are like `proj4/standard_fuzzer: Divide-by-zero in s_inverse` By prefixing the projection name, we will get better reports, like `Divide-by-zero in airy_s_inverse` This also makes it slightly easier to set a breakpoint by function name. --- src/projections/lcc.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src/projections/lcc.cpp') diff --git a/src/projections/lcc.cpp b/src/projections/lcc.cpp index a101009d..beb2efd1 100644 --- a/src/projections/lcc.cpp +++ b/src/projections/lcc.cpp @@ -20,7 +20,7 @@ struct pj_opaque { } // anonymous namespace -static PJ_XY e_forward (PJ_LP lp, PJ *P) { /* Ellipsoidal, forward */ +static PJ_XY lcc_e_forward (PJ_LP lp, PJ *P) { /* Ellipsoidal, forward */ PJ_XY xy = {0., 0.}; struct pj_opaque *Q = static_cast(P->opaque); double rho; @@ -43,7 +43,7 @@ static PJ_XY e_forward (PJ_LP lp, PJ *P) { /* Ellipsoidal, forward */ } -static PJ_LP e_inverse (PJ_XY xy, PJ *P) { /* Ellipsoidal, inverse */ +static PJ_LP lcc_e_inverse (PJ_XY xy, PJ *P) { /* Ellipsoidal, inverse */ PJ_LP lp = {0., 0.}; struct pj_opaque *Q = static_cast(P->opaque); double rho; 
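Review bot: The comment `// Not quite, but es is very close to 1...` above the new `denom == 0` return is copied from the `Q->n == 0` guard, but it does not say what is actually being tested: `log(ml1 / ml2)` is 0 when ml1 == ml2, i.e. when pj_tsfn returns the same value for phi1 and phi2, and whether that arises from a degenerate eccentricity or from the two parallels effectively coinciding is not decidable from the hunk (pj_tsfn is not on this page); if the latter, PJD_ERR_CONIC_LAT_EQUAL, used earlier on this page, would be the more accurate code. Suggest a comment that states the condition, e.g. `// ml1 == ml2 would make n infinite; treat as a degenerate eccentricity`. The `denom == 0` test is also an exact comparison, with the same near-zero limitation as the other guards on this page. PROJECTION(lcc) continues outside the hunk.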
@@ -144,8 +144,8 @@ PJ *PROJECTION(lcc) { Q->c * pow(tan(M_FORTPI + .5 * P->phi0), -Q->n); } - P->inv = e_inverse; - P->fwd = e_forward; + P->inv = lcc_e_inverse; + P->fwd = lcc_e_forward; return P; } -- cgit v1.2.3