Opened 7 years ago
Last modified 7 years ago
#6969 closed defect
AddressSanitizer: heap-buffer-overflow degrib1.cpp:1199 in ReadGrib1Sect3 — at Version 1
| Reported by: | Kurt Schwehr | Owned by: | warmerdam |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | default | Version: | unspecified |
| Severity: | normal | Keywords: | |
| Cc: |
Description (last modified by )
Found by autofuzz. I don't follow the tracking of memory with bms and how to check for a buffer overflow in ReadGrib1Sect3.
#0 0xa1b133 in ReadGrib1Sect3(unsigned char*, unsigned int, unsigned int*, unsigned char*, unsigned int) frmts/grib/degrib18/degrib/degrib1.cpp:1199:15
#1 0xa16d08 in ReadGrib1Record(DataSource&, signed char, double**, unsigned int*, grib_MetaData*, IS_dataType*, int*, unsigned int, double, double) frmts/grib/degrib18/degrib/degrib1.cpp:1855:11
#2 0x78e687 in ReadGrib2Record frmts/grib/degrib18/degrib/degrib2.cpp:894:14
#3 0x509a49 in GRIBRasterBand::ReadGribData(DataSource&, int, int, double**, grib_MetaData**) frmts/grib/gribdataset.cpp:420:5
#4 0x50ad96 in GRIBDataset::Open(GDALOpenInfo*) frmts/grib/gribdataset.cpp:649:13
allocated here:
#1 0xa1635c in ReadGrib1Record(DataSource&, signed char, double**, unsigned int*, grib_MetaData*, IS_dataType*, int*, unsigned int, double, double) frmts/grib/degrib18/degrib/degrib1.cpp:1763:29
Change History (2)
by , 7 years ago
| Attachment: | poc-bc68364d7104c3b584bd44d68d6b4553bd23bcfbe0992bf83008e9f594acdd9b added |
|---|
comment:1 by , 7 years ago
| Description: | modified (diff) |
|---|
Note:
See TracTickets
for help on using tickets.
AddressSanitizer: heap-buffer-overflow frmts/grib/degrib18/degrib/degrib1.cpp:1199 in ReadGrib1Sect3