EGM96 can read past end of buffer

[paulAtSafe]

Summary:

When applying an EGM96 vertical grid offset near the east-most 12 cell columns, values may be read from invalid memory. This is most interesting when the latitude is not exactly on a cell boundary.

Details:

By default, the EGM96 vertical grid calculation caches two latitude "rows" worth of data in memory. Once this buffer is populated, the subsequent code assumes it's possible to read four values from it: the north-west cell, the north-east cell, the south-west cell, and the south-east cell. The first two of these will be found on the first row of the buffer, and the second two will be found on the second row of the buffer.

The problem is that while the buffer is (by default) two rows big, the start position doesn't account for the 48 byte header (6 doubles * 8 bytes each) and so reads of rightmost 12 columns (12 floats * 4 bytes each) can read past the end.

Reproduction steps:

I have reproduced this in FME (www.safe.com), which embeds CS-MAP. If there is a preferred way to submit reproduction packages here, I would consider that.

For the shipped WW15MGH.GRD file, the correct offset for (359.875E, 89.875N) is 13.75475m. The current version of CS-MAP returns an undefined value (6.803m in my case).

I've attached a patch which resolves the issue.

[paulAtSafe]

patch

[Norm Olsen]

Problem corrected at Revision 2497. Changes suggested by Trac Ticket author's patch were manually made as the line number references in the patch were severely out of date.

Tested using the CStestT.cpp module of the Console Test application.