Opened 7 years ago
Closed 7 years ago
#6969 closed defect (fixed)
AddressSanitizer: heap-buffer-overflow degrib1.cpp:1199 in ReadGrib1Sect3
Reported by: | Kurt Schwehr | Owned by: | warmerdam |
---|---|---|---|
Priority: | normal | Milestone: | |
Component: | default | Version: | unspecified |
Severity: | normal | Keywords: | |
Cc: |
Description (last modified by )
Found by autofuzz. I don't follow the tracking of memory with bms and how to check for a buffer overflow in ReadGrib1Sect3.
```
#0 0xa1b133 in ReadGrib1Sect3(unsigned char*, unsigned int, unsigned int*, unsigned char*, unsigned int) frmts/grib/degrib18/degrib/degrib1.cpp:1199:15
#1 0xa16d08 in ReadGrib1Record(DataSource&, signed char, double**, unsigned int*, grib_MetaData*, IS_dataType*, int*, unsigned int, double, double) frmts/grib/degrib18/degrib/degrib1.cpp:1855:11
#2 0x78e687 in ReadGrib2Record frmts/grib/degrib18/degrib/degrib2.cpp:894:14
#3 0x509a49 in GRIBRasterBand::ReadGribData(DataSource&, int, int, double**, grib_MetaData**) frmts/grib/gribdataset.cpp:420:5
#4 0x50ad96 in GRIBDataset::Open(GDALOpenInfo*) frmts/grib/gribdataset.cpp:649:13
```
allocated here:
```
#1 0xa1635c in ReadGrib1Record(DataSource&, signed char, double**, unsigned int*, grib_MetaData*, IS_dataType*, int*, unsigned int, double, double) frmts/grib/degrib18/degrib/degrib1.cpp:1763:29
```
Attachments (1)
Change History (4)
by , 7 years ago
Attachment: | poc-bc68364d7104c3b584bd44d68d6b4553bd23bcfbe0992bf83008e9f594acdd9b added |
---|
comment:1 by , 7 years ago
Description: | modified (diff) |
---|
comment:3 by , 7 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |