
[netCDF #BNF-715402]: Vulnerability report: Segmentation fault in ncdump in netcdf-c v4.9.1



Hello, 

Can you provide more information regarding the provenance of the POV netCDF 
file, and what we would expect it to look like? It appears that the issue is 
occurring within `libhdf5`, and without more information, it is impossible for 
us to determine if the issue is with `libnetcdf` or `libhdf5`.  

Thanks!

-Ward

> Segmentation fault in ncdump in netcdf-c v4.9.1
> 
> netcdf-c version 4.9.1 - built from commit hash 63150df
> OS: Ubuntu 20.04
> Compiler: clang version 11.0
> 
> Build options:
> 
> export CC=clang
> export CXX=clang++
> export LDFLAGS="-lstdc++ -L/usr/lib/x86_64-linux-gnu/hdf5/serial/lib"
> export CFLAGS="-I/usr/lib/x86_64-linux-gnu/hdf5/serial/include"
> export CXXFLAGS="-I/usr/lib/x86_64-linux-gnu/hdf5/serial/include"
> export ADDITIONAL="-g -fno-inline -fsanitize=address"
> export LDFLAGS="$LDFLAGS -fsanitize=address"
> export ASAN_OPTIONS=abort_on_error=1
> CFLAGS="$CFLAGS $ADDITIONAL" CXXFLAGS="$CXXFLAGS $ADDITIONAL" ./configure --disable-dap --disable-dap-remote-tests --disable-shared
> 
> Command: ./ncdump POV
> POV file attached with this email as pov.zip
> 
> Stack trace:
> 
> ==3258776==ERROR: AddressSanitizer: SEGV on unknown address 0x62030000f2e0 (pc 0x7f0f55577580 bp 0x607000000480 sp 0x7fffa17ae3d0 T0)
> ==3258776==The signal is caused by a READ memory access.
> #0 0x7f0f55577580  (/lib/x86_64-linux-gnu/libhdf5_serial.so.103+0x153580)
> #1 0x7f0f5549f775 in H5C_protect (/lib/x86_64-linux-gnu/libhdf5_serial.so.103+0x7b775)
> #2 0x7f0f55479eea in H5AC_protect (/lib/x86_64-linux-gnu/libhdf5_serial.so.103+0x55eea)
> #3 0x7f0f55575372 in H5HG__protect (/lib/x86_64-linux-gnu/libhdf5_serial.so.103+0x151372)
> #4 0x7f0f5557587a in H5HG_read (/lib/x86_64-linux-gnu/libhdf5_serial.so.103+0x15187a)
> #5 0x7f0f556bce3f  (/lib/x86_64-linux-gnu/libhdf5_serial.so.103+0x298e3f)
> #6 0x7f0f5565b577 in H5T__conv_vlen (/lib/x86_64-linux-gnu/libhdf5_serial.so.103+0x237577)
> #7 0x7f0f5564f91f in H5T_convert (/lib/x86_64-linux-gnu/libhdf5_serial.so.103+0x22b91f)
> #8 0x7f0f55471e30 in H5A__read (/lib/x86_64-linux-gnu/libhdf5_serial.so.103+0x4de30)
> #9 0x7f0f554683a9 in H5Aread (/lib/x86_64-linux-gnu/libhdf5_serial.so.103+0x443a9)
> #10 0x7f0f557ac08f in H5DSget_num_scales (/lib/x86_64-linux-gnu/libhdf5_serial_hl.so.100+0xb08f)
> #11 0x64777d in get_attached_info netcdf/libhdf5/hdf5open.c:1333:18
> #12 0x645d6b in nc4_get_var_meta netcdf/libhdf5/hdf5open.c:1492:23
> #13 0x642db5 in nc4_hdf5_find_grp_var_att netcdf/libhdf5/hdf5internal.c:924:27
> #14 0x668690 in NC4_HDF5_inq_var_all netcdf/libhdf5/hdf5var.c:2320:19
> #15 0x569db4 in nc_inq_var netcdf/libdispatch/dvarinq.c:131:11
> #16 0x569ef7 in nc_inq_varndims netcdf/libdispatch/dvarinq.c:204:11
> #17 0x50128b in do_ncdump_rec netcdf/ncdump/ncdump.c:1762:7
> #18 0x4fda26 in do_ncdump netcdf/ncdump/ncdump.c:2047:4
> #19 0x4fb3b2 in main netcdf/ncdump/ncdump.c:2490:7
> #20 0x7f0f54e35082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
> #21 0x41fe2d in _start (netcdf/ncdump/ncdump+0x41fe2d)
> AddressSanitizer can not provide additional info.
> SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libhdf5_serial.so.103+0x153580)
> ==3258776==ABORTING
> 
> Thanks,
> Chaitra
> 
> 


Ticket Details
===================
Ticket ID: BNF-715402
Department: Support netCDF
Priority: Normal
Status: Closed
===================
NOTE: All email exchanges with Unidata User Support are recorded in the Unidata 
inquiry tracking system and then made publicly available through the web.  If 
you do not want to have your interactions made available in this way, you must 
let us know in each email you send to us.
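
The libnetcdf-versus-libhdf5 question raised in the reply can be framed mechanically from the quoted trace. The following is an added triage example, not part of the ticket and not netCDF or HDF5 project code: it attributes each AddressSanitizer frame to a library and reports the last netcdf-c call before control entered libhdf5. The function names `owner`, `parse_frames` and `triage` are hypothetical, and it assumes that paths beginning with `netcdf/` are the reporter's netcdf-c build tree, as they appear in the trace.

```python
import os
import re

# Frames excerpted from the ASan trace quoted in the report (e-mail line wraps rejoined).
TRACE = """\
#0 0x7f0f55577580  (/lib/x86_64-linux-gnu/libhdf5_serial.so.103+0x153580)
#1 0x7f0f5549f775 in H5C_protect (/lib/x86_64-linux-gnu/libhdf5_serial.so.103+0x7b775)
#9 0x7f0f554683a9 in H5Aread (/lib/x86_64-linux-gnu/libhdf5_serial.so.103+0x443a9)
#10 0x7f0f557ac08f in H5DSget_num_scales (/lib/x86_64-linux-gnu/libhdf5_serial_hl.so.100+0xb08f)
#11 0x64777d in get_attached_info netcdf/libhdf5/hdf5open.c:1333:18
#12 0x645d6b in nc4_get_var_meta netcdf/libhdf5/hdf5open.c:1492:23
#19 0x4fb3b2 in main netcdf/ncdump/ncdump.c:2490:7
"""

# "#N 0xPC [in func] (module+0xoff)" or "#N 0xPC in func file:line[:col]"
FRAME = re.compile(
    r"#(?P<n>\d+)\s+0x[0-9a-f]+\s+(?:in\s+(?P<func>\S+)\s+)?"
    r"(?:\((?P<module>[^()]+)\+0x[0-9a-f]+\)|(?P<src>\S+:\d+(?::\d+)?))"
)

def owner(module, src):
    """Attribute a frame by its binary or source path, not by substring:
    netcdf-c's own HDF5 glue lives in a directory that is also named libhdf5."""
    if module and os.path.basename(module).startswith("libhdf5"):
        return "libhdf5"
    # Assumption: "netcdf/" is the reporter's netcdf-c build tree, as in the trace.
    return "netcdf-c" if (module or src or "").startswith("netcdf/") else "other"

def parse_frames(text):
    """Parse ASan frames, tolerating '>' quoting and wrapped lines."""
    flat = " ".join(line.lstrip("> ").strip() for line in text.splitlines())
    return [
        {"n": int(m["n"]), "func": m["func"], "src": m["src"],
         "owner": owner(m["module"], m["src"])}
        for m in FRAME.finditer(flat)
    ]

def triage(text):
    """Report who owns the faulting frame and where netcdf-c entered libhdf5."""
    frames = parse_frames(text)
    if not frames:
        raise ValueError("no ASan frames found")
    result = {"fault_in": frames[0]["owner"], "entry": None, "caller": None, "at": None}
    for above, frame in zip(frames, frames[1:]):
        if frame["owner"] == "netcdf-c" and above["owner"] == "libhdf5":
            result.update(entry=above["func"], caller=frame["func"], at=frame["src"])
            break
    return result

if __name__ == "__main__":
    print(triage(TRACE))
```

The result locates the faulting frame and the call boundary only; whether the bad read stems from how netcdf-c called the HDF5 API or from libhdf5's handling of the file still needs the file's provenance, as the reply asks.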