From 884da6cc0a2d9e85927fe30ba90d535db9d65317 Mon Sep 17 00:00:00 2001
From: Even Rouault
Date: Fri, 29 Mar 2019 22:45:01 +0100
Subject: unitconvert: prevent division by zero

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13947
Credit to OSS Fuzz
---
 src/conversions/unitconvert.cpp | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)
(limited to 'src')
diff --git a/src/conversions/unitconvert.cpp b/src/conversions/unitconvert.cpp
index 1e3372d6..d7edea55 100644
--- a/src/conversions/unitconvert.cpp
+++ b/src/conversions/unitconvert.cpp
@@ -473,11 +473,11 @@ PJ *CONVERSION(unitconvert,0) {
 if (f != 0.0) {
 proj_log_debug(P, "xy_in unit: %s", normalized_name);
 } else {
- if ( (f = pj_param (P->ctx, P->params, "dxy_in").f) == 0.0)
+ f = pj_param (P->ctx, P->params, "dxy_in").f;
+ if (f == 0.0 || 1.0 / f == 0.0)
 return pj_default_destructor(P, PJD_ERR_UNKNOWN_UNIT_ID);
 }
- if (f != 0.0)
- Q->xy_factor *= f;
+ Q->xy_factor = f;
 if (normalized_name != nullptr && strcmp(normalized_name, "Radian") == 0)
 P->left = PJ_IO_UNITS_RADIANS;
 }
@@ -488,11 +488,11 @@ PJ *CONVERSION(unitconvert,0) {
 if (f != 0.0) {
 proj_log_debug(P, "xy_out unit: %s", normalized_name);
 } else {
- if ( (f = pj_param (P->ctx, P->params, "dxy_out").f) == 0.0)
+ f = pj_param (P->ctx, P->params, "dxy_out").f;
+ if (f == 0.0 || 1.0 / f == 0.0)
 return pj_default_destructor(P, PJD_ERR_UNKNOWN_UNIT_ID);
 }
- if (f != 0.0)
- Q->xy_factor /= f;
+ Q->xy_factor /= f;
 if (normalized_name != nullptr && strcmp(normalized_name, "Radian") == 0)
 P->right= PJ_IO_UNITS_RADIANS;
 }
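Review bot: The guard `if (f == 0.0 || 1.0 / f == 0.0)` in the `dxy_in` branch is hard to read and does not cover every unusable value: `1.0 / f == 0.0` is true only for an infinite `f`, and a NaN, if the parameter parser can produce one, passes both comparisons. Because `f` comes from a caller-supplied parameter, I would state the intent directly, e.g. `if (f == 0.0 || !std::isfinite(f))` (needs `<cmath>`), or at least add the comment `// 1.0 / f == 0.0 rejects +/-inf`. The `dxy_out`, `dz_in` and `dz_out` hunks use the same expression and would take the same change. This hunk also turns `Q->xy_factor *= f` into `Q->xy_factor = f`, which is equivalent only if the factor still holds its initial value at this point; that initialisation, like the rest of the function, is outside the hunk.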
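Review bot: `Q->xy_factor /= f` in the `dxy_out` branch can still yield a zero or infinite factor even though each operand passed the guard: a very small `dxy_in` divided by a very large `dxy_out` underflows to 0, and the reverse combination overflows to infinity. If the inverse conversion divides by `xy_factor` (that code is not visible here), the division by zero this commit targets remains reachable. Checking the combined value once, after both factors have been applied, would close the gap, e.g. `if (Q->xy_factor == 0.0 || !std::isfinite(Q->xy_factor)) return pj_default_destructor(P, PJD_ERR_UNKNOWN_UNIT_ID);`. The `Q->z_factor /= f` line in the `dz_out` hunk has the same gap.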
@@ -509,11 +509,11 @@ PJ *CONVERSION(unitconvert,0) {
 if (f != 0.0) {
 proj_log_debug(P, "z_in unit: %s", normalized_name);
 } else {
- if ( (f = pj_param (P->ctx, P->params, "dz_in").f) == 0.0)
+ f = pj_param (P->ctx, P->params, "dz_in").f;
+ if (f == 0.0 || 1.0 / f == 0.0)
 return pj_default_destructor(P, PJD_ERR_UNKNOWN_UNIT_ID);
 }
- if (f != 0.0)
- Q->z_factor *= f;
+ Q->z_factor = f;
 }

 if ((name = pj_param (P->ctx, P->params, "sz_out").s) != nullptr) {
@@ -522,11 +522,11 @@ PJ *CONVERSION(unitconvert,0) {
 if (f != 0.0) {
 proj_log_debug(P, "z_out unit: %s", normalized_name);
 } else {
- if ( (f = pj_param (P->ctx, P->params, "dz_out").f) == 0.0)
+ f = pj_param (P->ctx, P->params, "dz_out").f;
+ if (f == 0.0 || 1.0 / f == 0.0)
 return pj_default_destructor(P, PJD_ERR_UNKNOWN_UNIT_ID);
 }
- if (f != 0.0)
- Q->z_factor /= f;
+ Q->z_factor /= f;
 }

 if( z_in_is_linear >= 0 && z_out_is_linear >= 0 &&
--
cgit v1.2.3
From ff1e495525969352f83507950dd4e1fd3cec69c2 Mon Sep 17 00:00:00 2001
From: Even Rouault
Date: Fri, 29 Mar 2019 23:09:16 +0100
Subject: tpeqd: avoid division by zero

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13948
Credit to OSS Fuzz
---
 src/projections/tpeqd.cpp | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'src')
diff --git a/src/projections/tpeqd.cpp b/src/projections/tpeqd.cpp
index 20921de4..9904bb8c 100644
--- a/src/projections/tpeqd.cpp
+++ b/src/projections/tpeqd.cpp
@@ -87,6 +87,10 @@ PJ *PROJECTION(tpeqd) {
 Q->sc = Q->sp1 * Q->cp2;
 Q->ccs = Q->cp1 * Q->cp2 * sin(Q->dlam2);
 Q->z02 = aacos(P->ctx, Q->sp1 * Q->sp2 + Q->cp1 * Q->cp2 * cos (Q->dlam2));
+ if( Q->z02 == 0.0 ) {
+ // Actually happens when both lat_1 = lat_2 and |lat_1| = 90
+ return pj_default_destructor(P, PJD_ERR_LAT_1_OR_2_ZERO_OR_90);
+ }
 Q->hz0 = .5 * Q->z02;
 A12 = atan2(Q->cp2 * sin (Q->dlam2),
 Q->cp1 * Q->sp2 - Q->sp1 * Q->cp2 * cos (Q->dlam2));
--
cgit v1.2.3
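Review bot: The added `if( Q->z02 == 0.0 )` test is an exact comparison, so it catches only the fully degenerate input, and its comment says when that input occurs but not which later expression the guard protects. The divisor is outside the hunk (presumably the setup code further down divides by `z02` or by a function of `hz0`), so I would extend the comment to name it, e.g. `// z02 is used as a divisor below; it is 0 when both lat_1 = lat_2 and |lat_1| = 90`. If values of `z02` that are tiny but non-zero also produce unusable projection constants, a small tolerance would be worth considering here. The commit also adds no regression test; a test case built from the OSS-Fuzz input would pin the new error return.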