search

siva-msft / netcdf-c

BSD 3-Clause "New" or "Revised" License
0 stars 1 forks source link

Potential security issue in libdispatch/dvarput.c: Unchecked return from initialization function #25

Open monocle-ai opened 4 years ago

monocle-ai commented 4 years ago

What is a Conditionally Uninitialized Variable? The return value of a function that is potentially used to initialize a local variable is not checked. Therefore, reading the local variable may result in undefined behavior.

2 instances of this defect were found in the following locations:

Instance 1 File : libdispatch/dvarput.c Function: NC_getshape https://github.com/siva-msft/netcdf-c/blob/894ed2625d911c80bd9037dc01bc6f19cd68ec34/libdispatch/dvarput.c#L195 Code extract:

   status = NC_inq_recvar(ncid,varid,&nrecdims,is_recdim);
   if(status != NC_NOERR) return status;
   isrecvar = (nrecdims > 0);
   NC_getshape(ncid,varid,rank,varshape); <------ HERE

   /* Optimize out using various checks */

How can I fix it? Correct reference usage found in libdispatch/dvarput.c at line 112. https://github.com/siva-msft/netcdf-c/blob/894ed2625d911c80bd9037dc01bc6f19cd68ec34/libdispatch/dvarput.c#L112 Code extract:

   size_t shape[NC_MAX_VAR_DIMS];
   int stat = nc_inq_varndims(ncid,varid, &ndims);
   if(stat) return stat;
   stat = NC_getshape(ncid,varid, ndims, shape); <------ HERE
   if(stat) return stat;
   return NC_put_vara(ncid, varid, NC_coord_zero, shape, value, memtype);

Instance 2 File : libdispatch/dvarput.c Function: NC_getshape https://github.com/siva-msft/netcdf-c/blob/894ed2625d911c80bd9037dc01bc6f19cd68ec34/libdispatch/dvarput.c#L403 Code extract:


      /* Compute some dimension related values */
      isrecvar = NC_is_recvar(ncid,varid,&numrecs);
      NC_getshape(ncid,varid,varndims,varshape); <------ HERE

      /* assert(sizeof(ptrdiff_t) >= sizeof(size_t)); */

How can I fix it? Correct reference usage found in libdispatch/dvarput.c at line 112. https://github.com/siva-msft/netcdf-c/blob/894ed2625d911c80bd9037dc01bc6f19cd68ec34/libdispatch/dvarput.c#L112 Code extract:

   size_t shape[NC_MAX_VAR_DIMS];
   int stat = nc_inq_varndims(ncid,varid, &ndims);
   if(stat) return stat;
   stat = NC_getshape(ncid,varid, ndims, shape); <------ HERE
   if(stat) return stat;
   return NC_put_vara(ncid, varid, NC_coord_zero, shape, value, memtype);
siva-msft commented 4 years ago

lgtm