call to status() can cause segfault if library is not initialized

NOAA-EMC / NCEPLIBS-bufr

The NCEPLIBS-bufr library contains routines and utilites for working with the WMO BUFR format.

Other

44 stars 19 forks source link

call to status() can cause segfault if library is not initialized #395

Closed edwardhartnett closed 1 year ago

edwardhartnett commented 1 year ago

The subroutine copysb() calls status() like this:

  CALL STATUS(LUNIN,LIN,IL,IM)

status.f then uses this like this: DO I=1,NFILES IF(ABS(IOLUN(I)).EQ.LUNIT) LUN = I ENDDO

This then segfaults because IOLUN is not yet allocated.

So this can be easily obtained by the user calling copysb() without opening a file first.

We should always error, never segfault.

jbathegit commented 1 year ago

Well, as noted in the discussion of #393, one could make a similar argument here that a user has no business calling copysb() without ever having previously opened a file to copy to or from, but I see your point and this would be a similarly innocuous failsafe check, so I'll go ahead and work on that.