search

siva-msft / netcdf-c

BSD 3-Clause "New" or "Revised" License
0 stars 1 forks source link

Potential security issue in libdispatch/dvarget.c: Unchecked return from initialization function #24

Open monocle-ai opened 4 years ago

monocle-ai commented 4 years ago

What is a Conditionally Uninitialized Variable? The return value of a function that is potentially used to initialize a local variable is not checked. Therefore, reading the local variable may result in undefined behavior.

2 instances of this defect were found in the following locations:

Instance 1 File : libdispatch/dvarget.c Function: NC_getshape https://github.com/siva-msft/netcdf-c/blob/894ed2625d911c80bd9037dc01bc6f19cd68ec34/libdispatch/dvarget.c#L207 Code extract:


   /* Get variable dimension sizes */
   isrecvar = NC_is_recvar(ncid,varid,&numrecs);
   NC_getshape(ncid,varid,rank,varshape); <------ HERE

   /* Optimize out using various checks */

How can I fix it? Correct reference usage found in libdispatch/dvarput.c at line 112. https://github.com/siva-msft/netcdf-c/blob/894ed2625d911c80bd9037dc01bc6f19cd68ec34/libdispatch/dvarput.c#L112 Code extract:

   size_t shape[NC_MAX_VAR_DIMS];
   int stat = nc_inq_varndims(ncid,varid, &ndims);
   if(stat) return stat;
   stat = NC_getshape(ncid,varid, ndims, shape); <------ HERE
   if(stat) return stat;
   return NC_put_vara(ncid, varid, NC_coord_zero, shape, value, memtype);

Instance 2 File : libdispatch/dvarget.c Function: NC_getshape https://github.com/siva-msft/netcdf-c/blob/894ed2625d911c80bd9037dc01bc6f19cd68ec34/libdispatch/dvarget.c#L366 Code extract:


      /* Compute some dimension related values */
      isrecvar = NC_is_recvar(ncid,varid,&numrecs);
      NC_getshape(ncid,varid,varndims,varshape); <------ HERE

      /*

How can I fix it? Correct reference usage found in libdispatch/dvarput.c at line 112. https://github.com/siva-msft/netcdf-c/blob/894ed2625d911c80bd9037dc01bc6f19cd68ec34/libdispatch/dvarput.c#L112 Code extract:

   size_t shape[NC_MAX_VAR_DIMS];
   int stat = nc_inq_varndims(ncid,varid, &ndims);
   if(stat) return stat;
   stat = NC_getshape(ncid,varid, ndims, shape); <------ HERE
   if(stat) return stat;
   return NC_put_vara(ncid, varid, NC_coord_zero, shape, value, memtype);
siva-msft commented 4 years ago

lgtm