Skip to content

Commit

Permalink
GeographicBoundingBox::intersection(): avoid infinite recursion and s…
Browse files Browse the repository at this point in the history
…tack overflow on invalid bounding boxes

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57328
  • Loading branch information
rouault committed Jun 21, 2023
1 parent 8d1e09d commit 8409e8e
Show file tree
Hide file tree
Showing 2 changed files with 30 additions and 7 deletions.
7 changes: 7 additions & 0 deletions src/iso19111/metadata.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -421,6 +421,13 @@ GeographicBoundingBox::Private::intersection(const Private &otherExtent) const {
return nullptr;
}

// Bail out on longitudes not in [-180,180]. We could probably make
// some sense of them, but this check at least avoid potential infinite
// recursion.
if (oW > 180 || oE < -180) {
return nullptr;
}

// Return larger of two parts of the multipolygon
auto inter1 = intersection(Private(oW, oS, 180.0, oN));
auto inter2 = intersection(Private(-180.0, oS, oE, oN));
Expand Down
30 changes: 23 additions & 7 deletions test/unit/test_metadata.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -284,13 +284,15 @@ TEST(metadata, extent_edge_cases) {
optional<std::string>(), std::vector<GeographicExtentNNPtr>(),
std::vector<VerticalExtentNNPtr>(), std::vector<TemporalExtentNNPtr>());

auto A = Extent::createFromBBOX(-180, -90, 180, 90);
auto B = Extent::createFromBBOX(180, -90, 180, 90);
EXPECT_FALSE(A->intersects(B));
EXPECT_FALSE(B->intersects(A));
EXPECT_FALSE(A->contains(B));
EXPECT_TRUE(A->intersection(B) == nullptr);
EXPECT_TRUE(B->intersection(A) == nullptr);
{
auto A = Extent::createFromBBOX(-180, -90, 180, 90);
auto B = Extent::createFromBBOX(180, -90, 180, 90);
EXPECT_FALSE(A->intersects(B));
EXPECT_FALSE(B->intersects(A));
EXPECT_FALSE(A->contains(B));
EXPECT_TRUE(A->intersection(B) == nullptr);
EXPECT_TRUE(B->intersection(A) == nullptr);
}

EXPECT_THROW(Extent::createFromBBOX(
std::numeric_limits<double>::quiet_NaN(), -90, 180, 90),
Expand All @@ -304,6 +306,20 @@ TEST(metadata, extent_edge_cases) {
EXPECT_THROW(Extent::createFromBBOX(
-180, -90, 180, std::numeric_limits<double>::quiet_NaN()),
InvalidValueTypeException);

// Scenario of https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57328
{
auto A = Extent::createFromBBOX(0, 1, 2, 3);
auto B = Extent::createFromBBOX(200, -80, -100, 80);
EXPECT_TRUE(A->intersection(B) == nullptr);
EXPECT_TRUE(B->intersection(A) == nullptr);
}
{
auto A = Extent::createFromBBOX(0, 1, 2, 3);
auto B = Extent::createFromBBOX(100, -80, -200, 80);
EXPECT_TRUE(A->intersection(B) == nullptr);
EXPECT_TRUE(B->intersection(A) == nullptr);
}
}

// ---------------------------------------------------------------------------
Expand Down

0 comments on commit 8409e8e

Please sign in to comment.