Description
reproject() accepts several user-controlled grid parameters that are not range-checked:
| Parameter |
Bad input today |
resolution |
0 -> raw ZeroDivisionError in _grid.py:163-200; negative -> silently produces backwards coords |
width / height |
0 -> ZeroDivisionError; negative -> max(1, int(round(neg))) keeps a negative res_x, output is silently wrong |
bounds |
(10, 10, 0, 0) (right < left, top < bottom) -> negative res_x, res_y -> output coords descending and downstream resampler emits all-nodata silently |
transform_precision |
-1 -> np.linspace(0, end, 0) empty -> IndexError from _bilinear_interp_2ch indexing gr[-1] |
Expected behavior
Each parameter is range-checked at the top of reproject(). Bad input raises a clean ValueError with a message naming the offending parameter.
Proposed fix
resolution: must be a positive finite scalar or 2-tuple of same.width / height: must be a positive int.bounds: must be a 4-tuple of finite floats with right > left and top > bottom.transform_precision: must be a non-negative int.
merge() consumes the same resolution / bounds parameters so the same checks apply there.
Description
reproject()accepts several user-controlled grid parameters that are not range-checked:resolution0-> rawZeroDivisionErrorin_grid.py:163-200; negative -> silently produces backwards coordswidth/height0->ZeroDivisionError; negative ->max(1, int(round(neg)))keeps a negativeres_x, output is silently wrongbounds(10, 10, 0, 0)(right < left, top < bottom) -> negativeres_x,res_y-> output coords descending and downstream resampler emits all-nodata silentlytransform_precision-1->np.linspace(0, end, 0)empty ->IndexErrorfrom_bilinear_interp_2chindexinggr[-1]Expected behavior
Each parameter is range-checked at the top of
reproject(). Bad input raises a cleanValueErrorwith a message naming the offending parameter.Proposed fix
resolution: must be a positive finite scalar or 2-tuple of same.width/height: must be a positive int.bounds: must be a 4-tuple of finite floats withright > leftandtop > bottom.transform_precision: must be a non-negative int.merge()consumes the sameresolution/boundsparameters so the same checks apply there.