Skip to content

Commit eb2c483

Browse files
tomhughestomhughes
committed
Fix buffer overflow.
1 parent afce280 commit eb2c483

1 file changed

Lines changed: 11 additions & 3 deletions

File tree

reprojection.c

Lines changed: 11 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,7 @@ static struct Projection_Info custom_projection;
3737
// assumed to refer to EPSG codes and it uses the proj4 to find those.
3838
void project_init(int proj)
3939
{
40-
char buffer[16];
40+
char buffer[32];
4141
Proj = proj;
4242

4343
if( proj == PROJ_LATLONG )
@@ -48,7 +48,11 @@ void project_init(int proj)
4848
pj_merc = pj_init_plus( Projection_Info[proj].proj4text );
4949
else if( proj < 0 )
5050
{
51-
sprintf( buffer, "+init=epsg:%d", -proj );
51+
if( snprintf( buffer, sizeof(buffer), "+init=epsg:%d", -proj ) >= (int)sizeof(buffer) )
52+
{
53+
fprintf( stderr, "Buffer overflow computing proj4 initialisation string\n" );
54+
exit(1);
55+
}
5256
pj_merc = pj_init_plus( buffer );
5357
if( !pj_merc )
5458
{
@@ -66,7 +70,11 @@ void project_init(int proj)
6670
return;
6771
custom_projection.srs = -proj;
6872
custom_projection.proj4text = pj_get_def( pj_merc, 0 );
69-
sprintf( buffer, "EPSG:%d", -proj );
73+
if( snprintf( buffer, sizeof(buffer), "EPSG:%d", -proj ) >= (int)sizeof(buffer) )
74+
{
75+
fprintf( stderr, "Buffer overflow computing projection description\n" );
76+
exit(1);
77+
}
7078
custom_projection.descr = strdup(buffer);
7179
custom_projection.option = "-E";
7280
return;

0 commit comments

Comments
 (0)