Giters

HydrologicEngineeringCenter / hec-dss

source code for HEC-DSS (Data Storage System)

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

possible error in stringToUserHeader(..)

ktarbet opened this issue · comments

commented

to reproduce, enable AddressSanitizer in Dss-C and heclib_c projects.
run DSS-C test program.
error happing on memcpy(..)

int *stringToUserHeader(const char *str, int *userHeaderNumber)

str = "verticalDatumInfo:H4sIAAAAAAAACmWPwQoCIRRFW/sV4t6xJgwDRwiCdi3bSz1BcBRmnn5/mlREy3fu5VyeLrCgv9vAHxbzzH10iebocWIOmSGU6mjRF+i5uV5uZz4etfihrQYBSmUpmsNODqMWX9Di5NwKSGFFP1uEieGS4TVQQ0xv/anqldLiQ3qh2JDBbIe9klKLfjWr6FpDKvx/xJDNE5yqeqDgAAAA;verticalDatum:NGVD-29;"

userHeaderNumber = 58

test vertical datum operations (C API)
zset returned -1
Problem getting information: No such file or directory
File C:\project\hec-dss\test\bin\v6_c.dss not found.
    -----DSS---ZOPEN:  New File Opened,  File: v6_c.dss
                       Unit:    3;  DSS Version: 6-YO  Library 7-IO
Time series test   1: expecting SUCESS
Time series test   2: expecting SUCESS
Time series test   3: expecting SUCESS
Time series test   4: expecting SUCESS
Time series test   5: expecting SUCESS
Time series test   6: expecting SUCESS
Time series test   7: expecting SUCESS
Time series test   8: expecting SUCESS
=================================================================
==27316==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x1177e6b1bbfe at pc 0x7ffd94012fb1 bp 0x001525afd790 sp 0x001525afd7a8
READ of size 256 at 0x1177e6b1bbfe thread T0
==27316==WARNING: Failed to use and restart external symbolizer!
    #0 0x7ffd94012fe1 in _asan_wrap_GlobalSize+0x402db (C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.30.30705\bin\HostX64\x64\clang_rt.asan_dbg_dynamic-x86_64.dll+0x180042fe1)
    #1 0x7ff7d9deb1d5 in stringToUserHeader C:\project\hec-dss\heclib\heclib_c\src\Utilities\verticalDatum.c:273
    #2 0x7ff7d9d69ad5 in testStoreRetrieveTimeSeries C:\project\hec-dss\test\Dss-C\source\testVerticalDatum_c.c:508
    #3 0x7ff7d9d6c6ed in test_vertical_datums_c C:\project\hec-dss\test\Dss-C\source\testVerticalDatum_c.c:20
    #4 0x7ff7d9d72c26 in runTheTests C:\project\hec-dss\test\Dss-C\TestDssC.c:162
    #5 0x7ff7d9d73bf8 in main C:\project\hec-dss\test\Dss-C\TestDssC.c:76

image

commented

The way I wrote it, this could copy up to 3 bytes past the end of str. The memcpy line should be replaced with:

memset((char * )userHeader(0, numInts * 4);
memcpy((char *)userHeader, str, numBytes);