Opened 6 years ago

Closed 6 years ago

#7072 closed defect (fixed)

GRIB triggers msan issue in GDALChecksumImage

Reported by: Kurt Schwehr Owned by: warmerdam
Priority: normal Milestone:
Component: default Version: unspecified
Severity: normal Keywords: grib msan
Cc:

Description

I've hit this issue before with other fuzzer files and not figured out how to fix it. Help would be appreciated.

GDALChecksumImage third_party/gdal/alg/gdalchecksum.cpp:110

Once the asan issue is fixed, I get an msan issue here with the attached fuzzer-derived proof of concept (from autofuzz).

        for( int iLine = nYOff; iLine < nYOff + nYSize; iLine++ )
        {
            if( GDALRasterIO( hBand, GF_Read, nXOff, iLine, nXSize, 1,
                              padfLineData, nXSize, 1,
                              eDstDataType, 0, 0 ) != CE_None )
            {
                CPLError(CE_Failure, CPLE_FileIO,
                         "Checksum value couldn't be computed due to "
                         "I/O read error.");
                break;
            }
            const int nCount = bComplex ? nXSize * 2 : nXSize;

            for( int i = 0; i < nCount; i++ )
            {
                double dfVal = padfLineData[i];
                int nVal;
                if( CPLIsNan(dfVal) || CPLIsInf(dfVal) )  // <-- MemorySanitizer: use-of-uninitialized-value

The msan is coming from GDALChecksumImage called here:

https://github.com/schwehr/gdal-autotest2/blob/master/cpp/fuzzers/gdal.cc#L87
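A defensive version of the pattern in that loop, as an added example that is not GDAL's code: the scanline buffer is zero-filled before every read, so a driver that reports success without writing every sample feeds defined zeros into the checksum instead of stale heap bytes (which is what MemorySanitizer flags above). `line_reader_fn`, `checksum_lines`, `sample_term` and `short_read` are hypothetical names, and the per-sample term is a simplified model of the NaN/Inf handling shown in the snippet, not GDAL's exact checksum formula.

```c
#include <limits.h>
#include <math.h>
#include <stdlib.h>
#include <string.h>

/* Line reader callback (hypothetical, models GDALRasterIO on one scanline):
   returns 0 on success, nonzero on I/O error. */
typedef int (*line_reader_fn)(int line, double *buf, int nx, void *ctx);

/* Reduce one sample to its checksum contribution. NaN/Inf are mapped to a
   fixed sentinel (chosen here; not GDAL's exact behaviour). */
static int sample_term(double v) {
    int nval = (isnan(v) || isinf(v)) ? INT_MIN : (int)v;
    return nval % 0xffff;
}

/* Checksum over ny lines of nx samples. The buffer is zero-filled before
   each read, so a short read that still returns success cannot inject
   uninitialized memory into the sum. Returns -1 on read error, otherwise
   a value in [0, 0xffff). Simplified model, not GDALChecksumImage. */
int checksum_lines(line_reader_fn read_line, void *ctx, int nx, int ny) {
    double *line = malloc(sizeof(double) * (size_t)nx);
    if (line == NULL) return -1;
    long sum = 0;
    int rc = 0;
    for (int y = 0; y < ny; y++) {
        memset(line, 0, sizeof(double) * (size_t)nx);   /* defined contents */
        if (read_line(y, line, nx, ctx) != 0) { rc = -1; break; }
        for (int i = 0; i < nx; i++) {
            /* +0xffff keeps the running sum non-negative for negative terms */
            sum = (sum + sample_term(line[i]) + 0xffff) % 0xffff;
        }
    }
    free(line);
    return rc == 0 ? (int)sum : -1;
}

/* Constructed reader: writes only the first `filled` samples of each line
   with `value` and leaves the rest untouched, i.e. a short read that still
   reports success. `filled < 0` models an I/O failure. */
struct short_reader { int filled; double value; };

int short_read(int line, double *buf, int nx, void *ctx) {
    struct short_reader *r = ctx;
    (void)line;
    if (r->filled < 0) return 1;
    for (int i = 0; i < r->filled && i < nx; i++) buf[i] = r->value;
    return 0;
}
```

Built with `-fsanitize=memory`, the same reader driving a checksum that skips the memset reproduces the use-of-uninitialized-value report; with the memset in place the result is deterministic.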

Attachments (1)

poc-ac31a626b9abdf948d14aff3bdebcffdc841e31fbb313ab2c2fdec6e67e1ab7c (741 bytes ) - added by Kurt Schwehr 6 years ago.
Fuzzer generated proof of concept GRIB that triggers a checksum msan failure


Change History (2)

by Kurt Schwehr, 6 years ago

Fuzzer generated proof of concept GRIB that triggers a checksum msan failure

comment:1 by Even Rouault, 6 years ago

Resolution: fixed
Status: new → closed

This is no longer reproducible with latest trunk

$ valgrind gdalinfo poc-ac31a626b9abdf948d14aff3bdebcffdc841e31fbb313ab2c2fdec6e67e1ab7c 
==31023== Memcheck, a memory error detector
==31023== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==31023== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==31023== Command: gdalinfo poc-ac31a626b9abdf948d14aff3bdebcffdc841e31fbb313ab2c2fdec6e67e1ab7c
==31023== 
Warning: Inside GRIB2Inventory, Message # 2
ERROR: Couldn't find 'GRIB' or 'TDLP'
There were 3 trailing bytes in the file.
ERROR 4: poc-ac31a626b9abdf948d14aff3bdebcffdc841e31fbb313ab2c2fdec6e67e1ab7c is a grib file, but no raster dataset was successfully identified.
gdalinfo failed - unable to open 'poc-ac31a626b9abdf948d14aff3bdebcffdc841e31fbb313ab2c2fdec6e67e1ab7c'.