Skip to content

Commit

Permalink
Merge pull request OSGeo#3918 from rouault/fix_ossfuzz_60084
Browse files Browse the repository at this point in the history
GeographicBoundingBox::intersects(): avoid infinite recursion and stack overflow on invalid bounding boxes
  • Loading branch information
rouault authored Oct 12, 2023
2 parents 2040e68 + 0b51b1b commit 61003c9
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 0 deletions.
7 changes: 7 additions & 0 deletions src/iso19111/metadata.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -343,6 +343,13 @@ bool GeographicBoundingBox::Private::intersects(const Private &other) const {
return false;
}

// Bail out on longitudes not in [-180,180]. We could probably make
// some sense of them, but this check at least avoid potential infinite
// recursion.
if (oW > 180 || oE < -180) {
return false;
}

return intersects(Private(oW, oS, 180.0, oN)) ||
intersects(Private(-180.0, oS, oE, oN));

Expand Down
5 changes: 5 additions & 0 deletions test/unit/test_metadata.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -308,15 +308,20 @@ TEST(metadata, extent_edge_cases) {
InvalidValueTypeException);

// Scenario of https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57328
// and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60084
{
auto A = Extent::createFromBBOX(0, 1, 2, 3);
auto B = Extent::createFromBBOX(200, -80, -100, 80);
EXPECT_FALSE(A->intersects(B));
EXPECT_FALSE(B->intersects(A));
EXPECT_TRUE(A->intersection(B) == nullptr);
EXPECT_TRUE(B->intersection(A) == nullptr);
}
{
auto A = Extent::createFromBBOX(0, 1, 2, 3);
auto B = Extent::createFromBBOX(100, -80, -200, 80);
EXPECT_FALSE(A->intersects(B));
EXPECT_FALSE(B->intersects(A));
EXPECT_TRUE(A->intersection(B) == nullptr);
EXPECT_TRUE(B->intersection(A) == nullptr);
}
Expand Down

0 comments on commit 61003c9

Please sign in to comment.