[gpsd-dev] wsg_separation Issue

[Bywater, Rick (SA-1)]

All,

 

I was running Coverity on gpsd-2.39 and it complained about an array-bounds issue in geoid.c in the function wsg84_separation.  It suggested that the code was accessing element 846 of 703 in the call to bilinear at the end of the function.

 

I have no knowledge of gpsd, really, only that I was asked to run the tool on the project.  So, it took me a while to digest the code and what it was trying to accomplish.  Now that I have, I am of the opinion that the “sanity check” code is problematic.  By my read, wsg84_separation is called with a lat/log presumably in the ranges -90 to +90, and -180 to +180, respectively.  Those values are converted into indices into geoid_delta_table, ilat and ilon, which are in decades (ranged 0-19 and 0-37, respectively).  When the sanity check is performed, it is against the ilat/ilon values, and against the latitude and longitude ranges, which would pass with a broad range of invalid value.  In my opinion, the correct code is as follows:

 

    /* sanity checks to prevent segfault on bad data */

    if ((lat > 90.) || (lat < -90.)) {

        return 0.0;

    }

    if ((lon > 180.) || (lon < -180.)) {

        return 0.0;

    }

 

    ilat = (int)floor((90. + lat) / 10);

    ilon = (int)floor((180. + lon) / 10);

 

Since I have no stake in gpsd, I am bringing it to your attention so that someone associated with the project can address the issue.

 

Best regards,

Rick Bywater

NOTICE: This e-mail transmission (and/or the attachments accompanying it) may contain confidential or proprietary information belonging to DRS Technologies or the sender. The information is only for the use of the intended recipient. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or the taking of any action in reliance on the contents of this information is strictly prohibited. Any unauthorized interception of this transmission is illegal under the law. If you have received this transmission in error, please promptly notify the sender by reply e-mail, and then destroy all copies of the transmission.

"This (document/presentation) may contain technical data as defined in the International Traffic In Arms Regulations (ITAR) 22 CFR 120.10. Export of this material is restricted by the Arms Export Control Act (22 U.S.C. 2751 et seq.) and may not be exported to foreign persons without prior written approval from the U.S. Department of State."   ­­  

smime.p7s
Description: S/MIME cryptographic signature