From d109f6e826e7a2542d7e1bd50cc62e5fa9ac373e Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Thu, 11 Jan 2018 12:13:47 +0100
Subject: PJ_axisswap.c: validate axis value. Fixes
 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5073. Credit to OSS
 Fuzz. master only

---
 src/PJ_axisswap.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'src')

diff --git a/src/PJ_axisswap.c b/src/PJ_axisswap.c
index bb22f41e..0d1683b4 100644
--- a/src/PJ_axisswap.c
+++ b/src/PJ_axisswap.c
@@ -192,6 +192,10 @@ PJ *CONVERSION(axisswap,0) {
         /* read axes numbers and signs */
         for ( s = order, n = 0; *s != '\0' && n < 4; ) {
             Q->axis[n] = abs(atoi(s))-1;
+            if (Q->axis[n] <= 0 || Q->axis[n] > 3) {
+                proj_log_error(P, "axisswap: invalid axis '%d'", Q->axis[n]);
+                return pj_default_destructor(P, PJD_ERR_AXIS);
+            }
             Q->sign[n++] = sign(atoi(s));
             while ( *s != '\0' && *s != ',' )
                 s++;
-- 
cgit v1.2.3