NOAA-EMC / NCEPLIBS-grib_util

This is a collection of NCEP GRIB related utilities.

buffer overflow error in prvtime.F90 in degrib2 #220

Closed edwardhartnett closed 1 year ago

edwardhartnett commented 1 year ago

In degrib2 we have subroutine prvtime() with the following code:

  ! Determine second unit of time range.
  iutpos2 = ipos2(ipdtn)

The problem is that ipdtn can be 0. If so, this is an attempt to read array element 0 and there is none, so we get an error from address sanitizer:

1: ==13748==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55bac89fd2dc at pc 0x55bac89efad6 bp 0x7ffce4e65ed0 sp 0x7ffce4e65ec0
1: READ of size 4 at 0x55bac89fd2dc thread T0
1:     #0 0x55bac89efad5 in prvtime_ /home/runner/work/NCEPLIBS-grib_util/NCEPLIBS-grib_util/grib_utils/src/degrib2/prvtime.F90:85
1:     #1 0x55bac89e58d0 in test_degrib2_int /home/runner/work/NCEPLIBS-grib_util/NCEPLIBS-grib_util/grib_utils/tests/test_degrib2_int.F90:23
1:     #2 0x55bac89e6863 in main /home/runner/work/NCEPLIBS-grib_util/NCEPLIBS-grib_util/grib_utils/tests/test_degrib2_int.F90:49
1:     #3 0x7fec638b5d8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
1:     #4 0x7fec638b5e3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f)
1:     #5 0x55bac89e5404 in _start (/home/runner/work/NCEPLIBS-grib_util/NCEPLIBS-grib_util/grib_utils/build/tests/test_degrib2_int+0x5404)

What happens in the code is that the variable iutpos2 remains set to 0 in this case.

This is part of #191
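
An added example (not part of the original issue and not the project's code) of a bounds-guarded version of the lookup described above. Only the names `ipos2`, `ipdtn` and `iutpos2` come from the issue; the table size and contents, the module and the function name are constructed for illustration, and returning 0 for an out-of-range template number is an assumption based on the comment that `iutpos2` remains 0 in this case.

```fortran
! Added example, not code from NCEPLIBS-grib_util.
! Table size and contents are constructed for illustration.
module second_unit_lookup
  implicit none
  private
  public :: second_unit_pos

  integer, parameter :: max_tmpl = 8   ! constructed size
  ! Constructed table: entry i is the position of the second time-range
  ! unit for template i, or 0 when template i has none.
  ! Default lower bound is 1, so element 0 does not exist.
  integer, parameter :: ipos2(max_tmpl) = [0, 0, 0, 0, 0, 0, 0, 26]

contains

  ! Return ipos2(ipdtn), or 0 when ipdtn is outside the declared bounds.
  pure integer function second_unit_pos(ipdtn) result(iutpos2)
    integer, intent(in) :: ipdtn
    iutpos2 = 0
    if (ipdtn >= lbound(ipos2, 1) .and. ipdtn <= ubound(ipos2, 1)) then
      iutpos2 = ipos2(ipdtn)
    end if
  end function second_unit_pos

end module second_unit_lookup

program demo
  use second_unit_lookup, only: second_unit_pos
  implicit none
  ! Constructed inputs: the failing 0, a valid index, and a too-large index.
  integer :: tmpl(4) = [0, 8, 3, 99]
  integer :: i

  do i = 1, size(tmpl)
    print '(a,i0,a,i0)', 'ipdtn=', tmpl(i), ' -> iutpos2=', second_unit_pos(tmpl(i))
  end do
end program demo
```

Building the unguarded form with `gfortran -fcheck=bounds` reports the out-of-range subscript at run time, which catches this class of error in test builds that do not use AddressSanitizer.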