Opened 7 years ago

Closed 7 years ago

#6969 closed defect (fixed)

AddressSanitizer: heap-buffer-overflow degrib1.cpp:1199 in ReadGrib1Sect3

Reported by: Kurt Schwehr
Owned by: warmerdam
Priority: normal
Milestone:
Component: default
Version: unspecified
Severity: normal
Keywords:
Cc:

Description (last modified by Kurt Schwehr)

Found by autofuzz. I don't follow the tracking of memory with bms and how to check for a buffer overflow in ReadGrib1Sect3.

    #0 0xa1b133 in ReadGrib1Sect3(unsigned char*, unsigned int, unsigned int*, unsigned char*, unsigned int) frmts/grib/degrib18/degrib/degrib1.cpp:1199:15
    #1 0xa16d08 in ReadGrib1Record(DataSource&, signed char, double**, unsigned int*, grib_MetaData*, IS_dataType*, int*, unsigned int, double, double) frmts/grib/degrib18/degrib/degrib1.cpp:1855:11
    #2 0x78e687 in ReadGrib2Record frmts/grib/degrib18/degrib/degrib2.cpp:894:14
    #3 0x509a49 in GRIBRasterBand::ReadGribData(DataSource&, int, int, double**, grib_MetaData**) frmts/grib/gribdataset.cpp:420:5
    #4 0x50ad96 in GRIBDataset::Open(GDALOpenInfo*) frmts/grib/gribdataset.cpp:649:13

allocated here:

    #1 0xa1635c in ReadGrib1Record(DataSource&, signed char, double**, unsigned int*, grib_MetaData*, IS_dataType*, int*, unsigned int, double, double) frmts/grib/degrib18/degrib/degrib1.cpp:1763:29

Attachments (1)

poc-bc68364d7104c3b584bd44d68d6b4553bd23bcfbe0992bf83008e9f594acdd9b (178 bytes) - added by Kurt Schwehr 7 years ago.
AddressSanitizer: heap-buffer-overflow frmts/grib/degrib18/degrib/degrib1.cpp:1199 in ReadGrib1Sect3


Change History (4)

by Kurt Schwehr, 7 years ago

AddressSanitizer: heap-buffer-overflow frmts/grib/degrib18/degrib/degrib1.cpp:1199 in ReadGrib1Sect3

comment:1 by Kurt Schwehr, 7 years ago

Description: modified (diff)

comment:2 by Kurt Schwehr, 7 years ago

Even, Thanks for r39609

comment:3 by Even Rouault, 7 years ago

Resolution: fixed
Status: new → closed