[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[netCDF #VUC-284716]: NC_computeshapes Assertion

Hi Clinton,

> We intentionally have a corrupt file in a test suite to help test our error
> handling code.  See attached.
> However, we are updating to use NetCDF 4.3 and are getting this problem when
> we run ncdump on the file.
> ncdump: ../../libsrc/v1hpg.c:1160: NC_computeshapes: Assertion `ncp->begin_var
> <= ncp->begin_rec' failed.
> Older versions of NetCDF could handle this gracefully and return an error to
> our code.

I'm curious what older version handled this any differently.  I just tested 
older versions
back to netCDF-3.6.1 (February 2006), and they all got the same assertion 

Version 3.6.0 (December 2004) didn't get an assertion violation, but it also 
didn't detect 
any error!   The ncdump from that version just emits zeros of the appropriate 
type for all 
the values of variable(s) past the truncation point.

I've got a fix that replaces the assertions in libsrc/v1hpg.c with code to 
return the error
code NC_ENOTNC ("Not a netCDF file").  That passes all our tests, and makes 
behave like this on your corrupted file:

  $ ncdump ~/test/truncated.g
  ncdump: truncated.g: NetCDF: Unknown file format
I think that should qualify as more graceful handling, but note that there are 
surely other 
ways to corrupt a netCDF file that are not detected by this change, and no 
possible way to
detect a maliciously modified netCDF file (e.g., if two variable names of the 
same length 
were swapped in the header).  However, this modification would detect a lot of 
corruptions, such as truncation.


> Thanks for your attention.
> --
> Clinton Stimpson
> Elemental Technologies, Inc
> Computational Simulation Software, LLC
> www.csimsoft.com
Russ Rew                                         UCAR Unidata Program
address@hidden                      http://www.unidata.ucar.edu

Ticket Details
Ticket ID: VUC-284716
Department: Support netCDF
Priority: Normal
Status: Closed

NOTE: All email exchanges with Unidata User Support are recorded in the Unidata inquiry tracking system and then made publicly available through the web. If you do not want to have your interactions made available in this way, you must let us know in each email you send to us.