From 4c8a5cb8c7f69dd227f03f32eb99b53ea0586aba Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Thu, 18 Apr 2019 22:12:55 +0200
Subject: isea: avoid invalid integer shift

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14286
Credit to OSS Fuzz
---
 src/projections/isea.cpp | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'src')

diff --git a/src/projections/isea.cpp b/src/projections/isea.cpp
index 28510cb0..e8720b27 100644
--- a/src/projections/isea.cpp
+++ b/src/projections/isea.cpp
@@ -898,6 +898,10 @@ static int isea_hex(struct isea_dgg *g, int tri,
 
     quad = isea_ptdi(g, tri, pt, &v);
 
+    if( v.x < (INT_MIN >> 4) || v.x > (INT_MAX >> 4) )
+    {
+        throw "Invalid shift";
+    }
     hex->x = ((int)v.x << 4) + quad;
     hex->y = v.y;
 
-- 
cgit v1.2.3


From 3f6c53ccee6062df95c595a0ea5b8cbed7e7f199 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Thu, 18 Apr 2019 22:19:59 +0200
Subject: tpers: avoid division by zero

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14342
Credit to OSS Fuzz
---
 src/projections/nsper.cpp | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

(limited to 'src')

diff --git a/src/projections/nsper.cpp b/src/projections/nsper.cpp
index a0bb5686..37938924 100644
--- a/src/projections/nsper.cpp
+++ b/src/projections/nsper.cpp
@@ -96,7 +96,7 @@ static PJ_XY s_forward (PJ_LP lp, PJ *P) {           /* Spheroidal, forward */
 static PJ_LP s_inverse (PJ_XY xy, PJ *P) {           /* Spheroidal, inverse */
     PJ_LP lp = {0.0,0.0};
     struct pj_opaque *Q = static_cast<struct pj_opaque*>(P->opaque);
-    double  rh, cosz, sinz;
+    double  rh;
 
     if (Q->tilt) {
         double bm, bq, yt;
@@ -108,16 +108,18 @@ static PJ_LP s_inverse (PJ_XY xy, PJ *P) {           /* Spheroidal, inverse */
         xy.y = bq * Q->cg - bm * Q->sg;
     }
     rh = hypot(xy.x, xy.y);
-    if ((sinz = 1. - rh * rh * Q->pfact) < 0.) {
-        proj_errno_set(P, PJD_ERR_TOLERANCE_CONDITION);
-        return lp;
-    }
-    sinz = (Q->p - sqrt(sinz)) / (Q->pn1 / rh + rh / Q->pn1);
-    cosz = sqrt(1. - sinz * sinz);
     if (fabs(rh) <= EPS10) {
         lp.lam = 0.;
         lp.phi = P->phi0;
     } else {
+        double cosz, sinz;
+        sinz = 1. - rh * rh * Q->pfact;
+        if (sinz < 0.) {
+            proj_errno_set(P, PJD_ERR_TOLERANCE_CONDITION);
+            return lp;
+        }
+        sinz = (Q->p - sqrt(sinz)) / (Q->pn1 / rh + rh / Q->pn1);
+        cosz = sqrt(1. - sinz * sinz);
         switch (Q->mode) {
         case OBLIQ:
             lp.phi = asin(cosz * Q->sinph0 + xy.y * sinz * Q->cosph0 / rh);
-- 
cgit v1.2.3