Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

memory overflow reported in tst_h_dimscales #505

Closed
edhartnett opened this issue Oct 23, 2017 · 4 comments · Fixed by #511
Closed

memory overflow reported in tst_h_dimscales #505

edhartnett opened this issue Oct 23, 2017 · 4 comments · Fixed by #511

Comments

@edhartnett
Copy link
Contributor

edhartnett commented Oct 23, 2017

I built the HEAD with gcc address/memory checking turned on. Turns out there are some memory leaks/overflows.

See #504 for build info.

./tst_h_dimscales

*** Checking HDF5 dimension scales.
*** Creating simple dimension scales file...ok.
*** Checking that simple dimscale file can be read...ok.
*** Creating simple dimension scales file with lots of datasets...ok.
*** Creating a file with an unlimited dimension scale...ok.
=================================================================
==22535==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffe37d95610 at pc 0x557a8a8165d8 bp 0x7ffe37d94fa0 sp 0x7ffe37d94f90
WRITE of size 8 at 0x7ffe37d95610 thread T0
    #0 0x557a8a8165d7 in alien_visitor /home/ed/tmp/netcdf-c/h5_test/tst_h_dimscales.c:25
    #1 0x7fbc424f0ed7 in H5DSiterate_scales /home/ed/Downloads/hdf5-1.10.1/hl/src/H5DS.c:1357
    #2 0x557a8a81b104 in main /home/ed/tmp/netcdf-c/h5_test/tst_h_dimscales.c:437
    #3 0x7fbc4195c3f0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x203f0)
    #4 0x557a8a816309 in _start (/home/ed/tmp/netcdf-c/h5_test/tst_h_dimscales+0x2309)

Address 0x7ffe37d95610 is located in stack of thread T0 at offset 32 in frame
    #0 0x557a8a817697 in main /home/ed/tmp/netcdf-c/h5_test/tst_h_dimscales.c:118

  This frame has 12 object(s):
    [32, 36) 'visitor_data' <== Memory access at offset 32 partially overflows this variable
    [96, 104) 'num_obj'
    [160, 168) 'i'
    [224, 232) 'num_obj'
    [288, 296) 'dims'
    [352, 360) 'maxdims'
    [416, 432) 'dims'
    [480, 504) 'dims'
    [544, 568) 'max_dims'
    [608, 4608) 'var1_datasetid'
    [4640, 4896) 'obj_name'
    [4928, 5184) 'label'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /home/ed/tmp/netcdf-c/h5_test/tst_h_dimscales.c:25 in alien_visitor
Shadow bytes around the buggy address:
  0x100046faaa70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100046faaa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100046faaa90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100046faaaa0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100046faaab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
=>0x100046faaac0: f1 f1[04]f4 f4 f4 f2 f2 f2 f2 00 f4 f4 f4 f2 f2
  0x100046faaad0: f2 f2 00 f4 f4 f4 f2 f2 f2 f2 00 f4 f4 f4 f2 f2
  0x100046faaae0: f2 f2 00 f4 f4 f4 f2 f2 f2 f2 00 f4 f4 f4 f2 f2
  0x100046faaaf0: f2 f2 00 00 f4 f4 f2 f2 f2 f2 00 00 00 f4 f2 f2
  0x100046faab00: f2 f2 00 00 00 f4 f2 f2 f2 f2 00 00 00 00 00 00
  0x100046faab10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==22535==ABORTING> 
@WardF
Copy link
Member

WardF commented Oct 23, 2017

The tests generally don’t seem to clean up after themselves, and since they’re tests I haven’t prioritized cleaning them up at this point. Any memory issues in the main library or utilities are of course a much different matter. I may or may not close these out after tagging them to revisit in the future tho. And I’ll takr a look at all the other ones you’ve opened, but for the time being they’re lower priority :). Thanks!

@edhartnett
Copy link
Contributor Author

Keep them open and I will take care of them.

I've got a fix for tst_h_dimscales, I will prepare a PR.

I disagree about your priorities. Getting the tests to run without memory errors is very important, because otherwise you cannot be running these memory checks on all code changes.

I need a clean memory build for PIO to work well. In HPC memory leaks are much to be feared. A small leak becomes a big overall leak when it is running on 500K cores. And the long runs and complex IO of climate and Earth system models will allow memory leaks to accumulate.

@WardF
Copy link
Member

WardF commented Oct 23, 2017

I agree with their importance, but running static analysis with tests turns on shows an abundance of issues (many related to memory allocated but not explicitly freed); addressing all of those are important, but we don't have the resources to chase them and address other more explicit/obvious bugs. I appreciate your PR, and opening these issues. I'll leave them open, and now that I've scanned them I see some are not specific to the tests, so I will work on those as well. Have you seen our coverity dashboard? If not, I'd be happy to add you as a collaborator there.

@edhartnett
Copy link
Contributor Author

edhartnett commented Oct 23, 2017 via email

netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this issue May 16, 2018
Upstream changes:
## 4.6.1 - March 15, 2018

* [Bug Fix] Corrected an issue which could result in a dap4 failure. See [Github #888](Unidata/netcdf-c#888) for more information.
* [Bug Fix][Enhancement] Allow `nccopy` to control output filter suppresion.  See [Github #894](Unidata/netcdf-c#894) for more information.
* [Enhancement] Reverted some new behaviors that, while in line with the netCDF specification, broke existing workflows.  See [Github #843](Unidata/netcdf-c#843) for more information.
* [Bug Fix] Improved support for CRT builds with Visual Studio, improves zlib detection in hdf5 library. See [Github #853](Unidata/netcdf-c#853) for more information.
* [Enhancement][Internal] Moved HDF4 into a distinct dispatch layer. See [Github #849](Unidata/netcdf-c#849) for more information.

## 4.6.0 - January 24, 2018
* [Enhancement] Full support for using HDF5 dynamic filters, both for reading and writing. See the file docs/filters.md.
* [Enhancement] Added an option to enable strict null-byte padding for headers; this padding was specified in the spec but was not enforced.  Enabling this option will allow you to check your files, as it will return an E_NULLPAD error.  It is possible for these files to have been written by older versions of libnetcdf.  There is no effective problem caused by this lack of null padding, so enabling these options is informational only.  The options for `configure` and `cmake` are `--enable-strict-null-byte-header-padding` and `-DENABLE_STRICT_NULL_BYTE_HEADER_PADDING`, respectively.  See [Github #657](Unidata/netcdf-c#657) for more information.
* [Enhancement] Reverted behavior/handling of out-of-range attribute values to pre-4.5.0 default. See [Github #512](Unidata/netcdf-c#512) for more information.
* [Bug] Fixed error in tst_parallel2.c. See [Github #545](Unidata/netcdf-c#545) for more information.
* [Bug] Fixed handling of corrupt files + proper offset handling for hdf5 files. See [Github #552](Unidata/netcdf-c#552) for more information.
* [Bug] Corrected a memory overflow in `tst_h_dimscales`, see [Github #511](Unidata/netcdf-c#511), [Github #505](Unidata/netcdf-c#505), [Github #363](Unidata/netcdf-c#363) and [Github #244](Unidata/netcdf-c#244) for more information.

## 4.5.0 - October 20, 2017

* Corrected an issue which could potential result in a hang while using parallel file I/O. See [Github #449](Unidata/netcdf-c#449) for more information.
* Addressed an issue with `ncdump` not properly handling dates on a 366 day calendar. See [GitHub #359](Unidata/netcdf-c#359) for more information.

### 4.5.0-rc3 - September 29, 2017

* [Update] Due to ongoing issues, native CDF5 support has been disabled by **default**.  You can use the options mentioned below (`--enable-cdf5` or `-DENABLE_CDF5=TRUE` for `configure` or `cmake`, respectively).  Just be aware that for the time being, Reading/Writing CDF5 files on 32-bit platforms may result in unexpected behavior when using extremely large variables.  For 32-bit platforms it is best to continue using `NC_FORMAT_64BIT_OFFSET`.
* [Bug] Corrected an issue where older versions of curl might fail. See [GitHub #487](Unidata/netcdf-c#487) for more information.
* [Enhancement] Added options to enable/disable `CDF5` support at configure time for autotools and cmake-based builds.  The options are `--enable/disable-cdf5` and `ENABLE_CDF5`, respectively.  See [Github #484](Unidata/netcdf-c#484) for more information.
* [Bug Fix] Corrected an issue when subsetting a netcdf3 file via `nccopy -v/-V`. See [Github #425](Unidata/netcdf-c#425) and [Github #463](Unidata/netcdf-c#463) for more information.
* [Bug Fix] Corrected `--has-dap` and `--has-dap4` output for cmake-based builds. See [GitHub #473](Unidata/netcdf-c#473) for more information.
* [Bug Fix] Corrected an issue where `NC_64BIT_DATA` files were being read incorrectly by ncdump, despite the data having been written correctly.  See [GitHub #457](Unidata/netcdf-c#457) for more information.
* [Bug Fix] Corrected a potential stack buffer overflow.  See [GitHub #450](Unidata/netcdf-c#450) for more information.

### 4.5.0-rc2 - August 7, 2017

* [Bug Fix] Addressed an issue with how cmake was implementing large file support on 32-bit systems. See [GitHub #385](Unidata/netcdf-c#385) for more information.
* [Bug Fix] Addressed an issue where ncgen would not respect keyword case. See [GitHub #310](Unidata/netcdf-c#310) for more information.

### 4.5.0-rc1 - June 5, 2017

* [Enhancement] DAP4 is now included. Since dap2 is the default for urls, dap4 must be specified by
(1) using "dap4:" as the url protocol, or
(2) appending "#protocol=dap4" to the end of the url, or
(3) appending "#dap4" to the end of the url
Note that dap4 is enabled by default but remote-testing is
disbled until the testserver situation is resolved.
* [Enhancement] The remote testing server can now be specified with the `--with-testserver` option to ./configure.
* [Enhancement] Modified netCDF4 to use ASCII for NC_CHAR.  See [Github Pull request #316](Unidata/netcdf-c#316) for more information.
* [Bug Fix] Corrected an error with how dimsizes might be read. See [Github #410](Unidata/netcdf-c#410) for more information.
* [Bug Fix] Corrected an issue where 'make check' would fail if 'make' or 'make all' had not run first.  See [Github #339](Unidata/netcdf-c#339) for more information.
* [Bug Fix] Corrected an issue on Windows with Large file tests. See [Github #385](Unidata/netcdf-c#385]) for more information.
* [Bug Fix] Corrected an issue with diskless file access, see [Pull Request #400](Unidata/netcdf-c#400) and [Pull Request #403](Unidata/netcdf-c#403) for more information.
* [Upgrade] The bash based test scripts have been upgraded to use a common test_common.sh include file that isolates build specific information.
* [Upgrade] The bash based test scripts have been upgraded to use a common test_common.sh include file that isolates build specific information.
* [Refactor] the oc2 library is no longer independent of the main netcdf-c library. For example, it now uses ncuri, nclist, and ncbytes instead of its homegrown equivalents.
* [Bug Fix] `NC_EGLOBAL` is now properly returned when attempting to set a global `_FillValue` attribute. See [GitHub #388](Unidata/netcdf-c#388) and [GitHub #389](Unidata/netcdf-c#389) for more information.
* [Bug Fix] Corrected an issue where data loss would occur when `_FillValue` was mistakenly allowed to be redefined.  See [Github #390](Unidata/netcdf-c#390), [GitHub #387](Unidata/netcdf-c#387) for more information.
* [Upgrade][Bug] Corrected an issue regarding how "orphaned" DAS attributes were handled. See [GitHub #376](Unidata/netcdf-c#376) for more information.
* [Upgrade] Update utf8proc.[ch] to use the version now maintained by the Julia Language project (https://github.com/JuliaLang/utf8proc/blob/master/LICENSE.md).
* [Bug] Addressed conversion problem with Windows sscanf.  This primarily affected some OPeNDAP URLs on Windows.  See [GitHub #365](Unidata/netcdf-c#365) and [GitHub #366](Unidata/netcdf-c#366) for more information.
* [Enhancement] Added support for HDF5 collective metadata operations when available. Patch submitted by Greg Sjaardema, see [Pull request #335](Unidata/netcdf-c#335) for more information.
* [Bug] Addressed a potential type punning issue. See [GitHub #351](Unidata/netcdf-c#351) for more information.
* [Bug] Addressed an issue where netCDF wouldn't build on Windows systems using MSVC 2012. See [GitHub #304](Unidata/netcdf-c#304) for more information.
* [Bug] Fixed an issue related to potential type punning, see [GitHub #344](Unidata/netcdf-c#344) for more information.
* [Enhancement] Incorporated an enhancement provided by Greg Sjaardema, which may improve read/write times for some complex files.  Basically, linked lists were replaced in some locations where it was safe to use an array/table.  See [Pull request #328](Unidata/netcdf-c#328) for more information.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants