From 0d1eeb16dd0a574d81ba0eaeea430f1be105a038 Mon Sep 17 00:00:00 2001
From: Kristian Evers
Date: Tue, 31 Oct 2017 13:05:15 +0100
Subject: Fix heap-buffer-overflow in proj_hgrid_init.
Resolves https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3940 Credit to OSS-Fuzz.
---
 src/pj_apply_gridshift.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/pj_apply_gridshift.c b/src/pj_apply_gridshift.c
index 45887abd..7d9ac94b 100644
--- a/src/pj_apply_gridshift.c
+++ b/src/pj_apply_gridshift.c
@@ -273,7 +273,7 @@ int proj_hgrid_init(PJ* P, const char *grids) {
 ***********************************************/
 /* prepend "s" to the "grids" string to allow usage with pj_param */
- char *sgrids = (char *) pj_malloc( (strlen(grids)+1) *sizeof(char) );
+ char *sgrids = (char *) pj_malloc( (strlen(grids)+1+1) *sizeof(char) );
 sprintf(sgrids, "%s%s", "s", grids);
 if (P->gridlist == NULL) {
-- 
cgit v1.2.3
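Review bot: The result of `pj_malloc` is still passed straight to `sprintf` on the next line without a NULL check, so an allocation failure becomes a write through a null pointer; add an `if (sgrids == NULL)` early error return before the `sprintf`. The function's error convention and the rest of its body, including where `sgrids` is released, lie outside this hunk, so the exact return value needs confirming there. The bare `+1+1` is also easy to misread or to "simplify" back into the original overflow; a comment such as `/* +1 for the "s" prefix, +1 for the terminating NUL */` would pin the intent. Better still, compute the size once with `size_t n = strlen(grids) + 2;` and write with `snprintf(sgrids, n, "s%s", grids);`, so the copy is bounded by the same value that sized the allocation.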