CEED / libCEED

CEED Library: Code for Efficient Extensible Discretizations
https://libceed.org
BSD 2-Clause "Simplified" License

Heap Overflow in CeedBasisCreateProjection #1631

Closed jrwrigh closed 2 months ago

jrwrigh commented 2 months ago

Reported in HONEE, most likely resulting from (or enabled by) https://github.com/CEED/libCEED/pull/1629

ASAN reports the following backtrace when doing a projection from a cell-to-face basis to a face basis:

=================================================================
==190544==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61500003e800 at pc 0x7fc55b671412 bp 0x7ffe25b2d730 sp 0x7ffe25b2cef0
READ of size 768 at 0x61500003e800 thread T0
    #0 0x7fc55b671411 in __interceptor_memcpy /tmp/jrwrigh/spack-stage/spack-stage-gcc-13.2.0-nl3zwofebbta6y5b6jydi6cs357uwfwv/spack-src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:899
    #1 0x7fc55980f28e in CeedBasisCreateH1 /home/jrwrigh/software/libCEED/interface/ceed-basis.c:1192
    #2 0x7fc5598110ff in CeedBasisCreateProjection /home/jrwrigh/software/libCEED/interface/ceed-basis.c:1374
    #3 0x6913ee in SetupStrongSTG_Ceed /home/jrwrigh/software/HONEE/src/strong_boundary_conditions.c:80
    #4 0x694da9 in SetupStrongBC_Ceed /home/jrwrigh/software/HONEE/src/strong_boundary_conditions.c:204
    #5 0x685c80 in SetupLibceed /home/jrwrigh/software/HONEE/src/setuplibceed.c:475
    #6 0x42f4f4 in main /home/jrwrigh/software/HONEE/examples/navierstokes.c:200
    #7 0x7fc558c39c87  (/usr/lib/libc.so.6+0x25c87) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b)
    #8 0x7fc558c39d4b in __libc_start_main (/usr/lib/libc.so.6+0x25d4b) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b)
    #9 0x4329b4 in _start (/home/jrwrigh/software/HONEE/build/navierstokes+0x4329b4)

0x61500003e800 is located 0 bytes after 512-byte region [0x61500003e600,0x61500003e800)
allocated by thread T0 here:
    #0 0x7fc55b6dad47 in __interceptor_calloc /tmp/jrwrigh/spack-stage/spack-stage-gcc-13.2.0-nl3zwofebbta6y5b6jydi6cs357uwfwv/spack-src/libsanitizer/asan/asan_malloc_linux.cpp:77
    #1 0x7fc559814008 in CeedCallocArray /home/jrwrigh/software/libCEED/interface/ceed.c:236
    #2 0x7fc559810dba in CeedBasisCreateProjectionMatrices /home/jrwrigh/software/libCEED/interface/ceed-basis.c:259
    #3 0x7fc559810dba in CeedBasisCreateProjection /home/jrwrigh/software/libCEED/interface/ceed-basis.c:1348
    #4 0x6913ee in SetupStrongSTG_Ceed /home/jrwrigh/software/HONEE/src/strong_boundary_conditions.c:80
    #5 0x694da9 in SetupStrongBC_Ceed /home/jrwrigh/software/HONEE/src/strong_boundary_conditions.c:204
    #6 0x685c80 in SetupLibceed /home/jrwrigh/software/HONEE/src/setuplibceed.c:475
    #7 0x42f4f4 in main /home/jrwrigh/software/HONEE/examples/navierstokes.c:200
    #8 0x7fc558c39c87  (/usr/lib/libc.so.6+0x25c87) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b)
    #9 0x7fc558c39d4b in __libc_start_main (/usr/lib/libc.so.6+0x25d4b) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b)
    #10 0x4329b4 in _start (/home/jrwrigh/software/HONEE/build/navierstokes+0x4329b4)

The issue is in the size of the grad_project array versus the size calculated for the memcpy in CeedBasisCreateH1. A quick fix would appear to be:

diff --git i/interface/ceed-basis.c w/interface/ceed-basis.c
index 26c52a8d7..d11098837 100644
--- i/interface/ceed-basis.c
+++ w/interface/ceed-basis.c
@@ -234,7 +234,7 @@ static int CeedBasisCreateProjectionMatrices(CeedBasis basis_from, CeedBasis bas
   CeedScalar       *interp_to_inv, *interp_from;
   const CeedScalar *interp_to_source = NULL, *interp_from_source = NULL, *grad_from_source = NULL;

-  CeedCall(CeedBasisGetDimension(basis_to, &dim));
+  CeedCall(CeedBasisGetDimension(basis_from, &dim));
   if (are_both_tensor) {
     CeedCall(CeedBasisGetInterp1D(basis_to, &interp_to_source));
     CeedCall(CeedBasisGetInterp1D(basis_from, &interp_from_source));
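Review bot: switching `CeedBasisGetDimension(basis_to, &dim)` to `basis_from` changes `dim` for everything that follows in CeedBasisCreateProjectionMatrices, not just the allocation that overflows, which fits the incorrect basis seen once the overflow is gone. The ASAN report shows a 768-byte read against a 512-byte region (a 3:2 ratio), consistent with `grad_project` being sized from one basis's dimension while the memcpy in CeedBasisCreateH1 (ceed-basis.c:1192) uses the other. Suggest keeping `dim` from `basis_to` for building the projection matrices and sizing `grad_project` separately with the dimension CeedBasisCreateH1 will copy, plus an explicit length check before that memcpy so a mismatch returns an error instead of reading past the allocation.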

but that's resulting in an incorrect basis (at least according to local HONEE tests).
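The mismatch described in this report, as an added model in C (not libCEED code): the gradient array is allocated from one basis's dimension and consumed with another, and a length check in front of the copy turns the heap read into an error return. The entry count per dimension and the `alloc_grad_project`/`copy_grad_checked` helpers are assumptions, chosen so that dim 2 vs. dim 3 reproduces the 512-byte region and 768-byte read from the ASAN output.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of the size mismatch; the sizing formula
   (dim * ENTRIES_PER_DIM scalars) is an assumption, not libCEED's. */
typedef double Scalar;
enum { ENTRIES_PER_DIM = 32 }; /* 32 * sizeof(double) = 256 bytes per dim */

/* Bytes a dim-dimensional gradient array occupies under this model. */
size_t grad_bytes(int dim) { return (size_t)dim * ENTRIES_PER_DIM * sizeof(Scalar); }

/* Allocation side: sized from basis_to's dimension, as in the pre-patch code path. */
static Scalar *alloc_grad_project(int dim_to, size_t *out_bytes) {
  *out_bytes = grad_bytes(dim_to);
  return calloc((size_t)dim_to * ENTRIES_PER_DIM, sizeof(Scalar));
}

/* Consumer side: copies dim * ENTRIES_PER_DIM scalars, as the memcpy in
   CeedBasisCreateH1 would. Returns 0 on success, -1 if the copy would
   read past the end of the source region. */
static int copy_grad_checked(Scalar *dst, const Scalar *src, size_t src_bytes, int dim) {
  size_t want = grad_bytes(dim);
  if (want > src_bytes) return -1; /* e.g. 768 bytes requested from a 512-byte region */
  memcpy(dst, src, want);
  return 0;
}

/* Allocate with dim_to, consume with dim_from; returns the copy's status code
   (0 ok, -1 length mismatch caught, -2 allocation failure). */
int simulate_projection(int dim_from, int dim_to) {
  size_t src_bytes = 0;
  Scalar *grad_project = alloc_grad_project(dim_to, &src_bytes);
  Scalar *dst = calloc((size_t)dim_from * ENTRIES_PER_DIM, sizeof(Scalar));
  int rc = (grad_project && dst) ? copy_grad_checked(dst, grad_project, src_bytes, dim_from) : -2;
  free(dst);
  free(grad_project);
  return rc;
}

int main(void) {
  printf("cell(3D)->face(2D): rc=%d\n", simulate_projection(3, 2)); /* -1: 768 > 512 */
  printf("face(2D)->face(2D): rc=%d\n", simulate_projection(2, 2)); /* 0 */
  return 0;
}
```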