Commit 8409e8e

GeographicBoundingBox::intersection(): avoid infinite recursion and stack overflow on invalid bounding boxes
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57328
1 parent 8d1e09d commit 8409e8e

2 files changed

+30
-7
lines changed

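--- a/src/iso19111/metadata.cpp
+++ b/src/iso19111/metadata.cpp
@@ -421,6 +421,13 @@ GeographicBoundingBox::Private::intersection(const Private &otherExtent) const {
 return nullptr;
 }
 
+// Bail out on longitudes not in [-180,180]. We could probably make
+// some sense of them, but this check at least avoid potential infinite
+// recursion.
+if (oW > 180 || oE < -180) {
+return nullptr;
+}
+
 // Return larger of two parts of the multipolygon
 auto inter1 = intersection(Private(oW, oS, 180.0, oN));
 auto inter2 = intersection(Private(-180.0, oS, oE, oN));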
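Review bot: The new guard `if (oW > 180 || oE < -180)` sits only at this one recursion site, so out-of-range longitudes are still accepted at construction: the test file in this commit shows `Extent::createFromBBOX(200, -80, -100, 80)` succeeding, while NaN inputs throw `InvalidValueTypeException`. Because the triggering input came from a fuzzer and a stack overflow is a denial-of-service condition, the comment should record why the split cannot terminate, e.g. `// With oW > 180 or oE < -180 the split boxes below still have west > east, so each call would presumably split again without end.` The comment also has a small grammar slip (`avoid` should be `avoids`). The enclosing function starts and ends outside the hunk, so whether another path can re-enter with unchecked bounds cannot be confirmed from here.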

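--- a/test/unit/test_metadata.cpp
+++ b/test/unit/test_metadata.cpp
@@ -284,13 +284,15 @@ TEST(metadata, extent_edge_cases) {
 optional<std::string>(), std::vector<GeographicExtentNNPtr>(),
 std::vector<VerticalExtentNNPtr>(), std::vector<TemporalExtentNNPtr>());
 
-auto A = Extent::createFromBBOX(-180, -90, 180, 90);
-auto B = Extent::createFromBBOX(180, -90, 180, 90);
-EXPECT_FALSE(A->intersects(B));
-EXPECT_FALSE(B->intersects(A));
-EXPECT_FALSE(A->contains(B));
-EXPECT_TRUE(A->intersection(B) == nullptr);
-EXPECT_TRUE(B->intersection(A) == nullptr);
+{
+auto A = Extent::createFromBBOX(-180, -90, 180, 90);
+auto B = Extent::createFromBBOX(180, -90, 180, 90);
+EXPECT_FALSE(A->intersects(B));
+EXPECT_FALSE(B->intersects(A));
+EXPECT_FALSE(A->contains(B));
+EXPECT_TRUE(A->intersection(B) == nullptr);
+EXPECT_TRUE(B->intersection(A) == nullptr);
+}
 
 EXPECT_THROW(Extent::createFromBBOX(
 std::numeric_limits<double>::quiet_NaN(), -90, 180, 90),
@@ -304,6 +306,20 @@ TEST(metadata, extent_edge_cases) {
 EXPECT_THROW(Extent::createFromBBOX(
 -180, -90, 180, std::numeric_limits<double>::quiet_NaN()),
 InvalidValueTypeException);
+
+// Scenario of https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57328
+{
+auto A = Extent::createFromBBOX(0, 1, 2, 3);
+auto B = Extent::createFromBBOX(200, -80, -100, 80);
+EXPECT_TRUE(A->intersection(B) == nullptr);
+EXPECT_TRUE(B->intersection(A) == nullptr);
+}
+{
+auto A = Extent::createFromBBOX(0, 1, 2, 3);
+auto B = Extent::createFromBBOX(100, -80, -200, 80);
+EXPECT_TRUE(A->intersection(B) == nullptr);
+EXPECT_TRUE(B->intersection(A) == nullptr);
+}
 }
 
 // ---------------------------------------------------------------------------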
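Review bot: Both new blocks assert only `intersection()` for the out-of-range boxes; `intersects()` and `contains()`, which the first block exercises on valid input, are never called with `B = createFromBBOX(200, -80, -100, 80)` or `createFromBBOX(100, -80, -200, 80)`. If those methods split an antimeridian-crossing box the same way (their bodies are not visible on this page), they could recurse without bound on the same input and this regression test would not show it. Adding `EXPECT_FALSE(A->intersects(B));` and `EXPECT_FALSE(B->intersects(A));` to each new block would cover that. The expected value is inferred from `intersection()` returning nullptr for these pairs and should be confirmed.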
