Commit Graph

51 Commits

Author SHA1 Message Date
Sean McBride
dc1b8b9c4b Fixed various UBSan warnings about working with NULL pointers
Any pointer arithmetic with NULL pointers is technically UB, even if you don't end up dereferencing the pointer.
2023-11-15 14:28:24 -05:00
Ward Fisher
b7635f061f Fixed an issue where memcpy was potentially passed a null pointer. 2023-02-24 11:27:36 -07:00
Ward Fisher
3bf18fbdb8
Merge pull request #2039 from mathstuf/various-fixes
Various fixes
2022-03-10 14:52:30 -07:00
Dennis Heimbigner
b5d4afd1d5 Patch errors
## Examine and fix ezxml errors

re: Issue https://github.com/Unidata/netcdf-c/issues/2119

Multiple security issues were found in ezxml (see above Issue).

* CVE-2021-31598
* CVE-2021-31348 / CVE-2021-31347
* CVE-2021-31229
* CVE-2021-30485
* CVE-2021-26222
* CVE-2021-26221
* CVE-2021-26220
* CVE-2019-20202
* CVE-2019-20201
* CVE-2019-20200
* CVE-2019-20199
* CVE-2019-20198
* CVE-2019-20007
* CVE-2019-20006
* CVE-2019-20005

In addition, moved ezxml to libdispatch.

## Examine and fix selected  oss-fuzz detected errors

Note that most of these errors are in the libsrc .m4 generated
code so fixing them is difficult. It would nice if we could tell
oss-fuzz to skip those files. They are old and crufty and
probably need a complete refactor.

Issue|Status
-----|------
35382|Fixed; old bug
35398|Closed by OSS-Fuzz
35442|Guarantee alloc > 0 or error; Old bug
35721|Assert failure; ok
35992|Fixed; old bug
36038|Fixed; old bug
36129|Unfixed; old bug
36229|Fixed by adding assert; old bug
37476|Unfixed; old bug
37824|Assert Failure; ok
38300|Closed by OSS-Fuzz
38537|Unfixed; old bug
38658|Unfixed; old bug
38699|Fixed maybe; old bug
38772|Nature of error is unclear, suspect that it results from using too large a type.
39248|Need more information
39394|Unfixed; old bug
2021-10-12 14:03:48 -06:00
Ben Boeckel
8cea8cce3e size_t: use for type consistency where necessary 2021-07-27 09:26:20 -04:00
Ward Fisher
87110139f6 More synchronization of copyright stanzas. 2018-12-06 14:34:40 -07:00
Wei-keng Liao
1b6f579aa4 another typecast missed 2018-06-17 13:16:09 -05:00
Wei-keng Liao
ab2dbc0d84 Promote NC_var member len from size_t to long long to fix some problems of large-variable tests on 320bit platforms. 2018-06-15 15:08:05 -05:00
Wei-keng Liao
a2e0ef4ea6 Checking large-sized variables has been moved to NC_enddef() as explained in below comments at lines 491-495. This is most likely caused by git merge failed to delete residue codes. 2018-06-15 14:23:09 -05:00
Ward Fisher
7b86b4d3d3
Merge branch 'master' into issue899.dmh 2018-03-26 22:31:29 -06:00
Dennis Heimbigner
efe2fa727e Fix bug: Index exceeds dimension bound
Fix github issue https://github.com/Unidata/netcdf-c/issues/899
which came from e-support UOY-859712.

The problem was that the vlen_max parameter
to libsrc/var.c#NC_check_vlen was of type size_t.
However, it is being called, sometimes, with values
of size X_INT64_MAX. The resulting truncation was
causing dimension failures as noted in the e-support
report.

Fix is to change the vlen_max argument (and some
local variables in NC_check_vlen) to be of declared
as unsigned long long.
2018-03-16 13:54:33 -06:00
Dennis Heimbigner
225453f12f Fix memory leaks re utf8_normalize 2018-02-27 15:46:19 -07:00
Dennis Heimbigner
ab96eb36ad Fix lgtm alerts 2018-02-25 11:28:06 -07:00
Dennis Heimbigner
8cb1fc4cfe This is the second step in refactoring the libsrc4 code.
The first was branch newhash0.dmh.

As with newhash0.dmh, these changes should be transparent.
2018-02-24 20:36:24 -07:00
Ward Fisher
9e926410ee Added the fix suggested by @mathstuf in support of https://github.com/unidata/netcdf-c/issues/845 2018-02-07 11:23:54 -07:00
Ward Fisher
0d420fcfbb
Merge branch 'master' into cdf5_var_len 2018-02-02 10:31:46 -07:00
Ward Fisher
8487a0a954
Merge branch 'master' into cdf5_var_len 2018-01-25 16:30:58 -07:00
Wei-keng Liao
0f4a85b9f2 a clean commit for #383 2017-12-20 20:53:30 -06:00
Ward Fisher
91865a3cbc Merge branch 'NC_MAX_VAR_DIMS' of https://github.com/wkliao/netcdf-c into multi-merge 2017-11-02 11:20:54 -06:00
Wei-keng Liao
2cc30c16be check against NC_MAX_VAR_DIMS (but using NC_EMAXDIMS, maybe a new error code NC_EMAXVARDIMS is needed) 2017-09-21 12:37:33 -05:00
Wei-keng Liao
b07d9701a9 move detection of NC_EVARSIZE from nc_enddef to nc_def_var 2017-09-13 11:57:19 -05:00
Wei-keng Liao
8c5956946a fix the setting of the member len of NC_var object, related to issue 463 2017-09-06 19:49:59 -05:00
Greg Sjaardema
1503013e33 Eliminate NC_MAX_VARS|DIMS|ATTRS limits 2017-07-20 09:32:29 -06:00
Ward Fisher
8dddd222a3 Merged master, DAP4 support into branch. 2017-04-19 09:29:35 -06:00
Wei-keng Liao
7aa8fc36c7 include config.h the way suggested by autoconf 2017-03-11 13:03:17 -06:00
Dennis Heimbigner
3db4f013bf Primary change: add dap4 support
Specific changes:
1. Add dap4 code: libdap4 and dap4_test.
   Note that until the d4ts server problem is solved, dap4 is turned off.
2. Modify various files to support dap4 flags:
	configure.ac, Makefile.am, CMakeLists.txt, etc.
3. Add nc_test/test_common.sh. This centralizes
   the handling of the locations of various
   things in the build tree: e.g. where is
   ncgen.exe located. See nc_test/test_common.sh
   for details.
4. Modify .sh files to use test_common.sh
5. Obsolete separate oc2 by moving it to be part of
   netcdf-c. This means replacing code with netcdf-c
   equivalents.
5. Add --with-testserver to configure.ac to allow
   override of the servers to be used for --enable-dap-remote-tests.
6. There were multiple versions of nctypealignment code. Try to
   centralize in libdispatch/doffset.c and include/ncoffsets.h
7. Add a unit test for the ncuri code because of its complexity.
8. Move the findserver code out of libdispatch and into
   a separate, self contained program in ncdap_test and dap4_test.
9. Move the dispatch header files (nc{3,4}dispatch.h) to
   .../include because they are now shared by modules.
10. Revamp the handling of TOPSRCDIR and TOPBUILDDIR for shell scripts.
11. Make use of MREMAP if available
12. Misc. minor changes e.g.
	- #include <config.h> -> #include "config.h"
	- Add some no-install headers to /include
	- extern -> EXTERNL and vice versa as needed
	- misc header cleanup
	- clean up checking for misc. unix vs microsoft functions
13. Change copyright decls in some files to point to LICENSE file.
14. Add notes to RELEASENOTES.md
2017-03-08 17:01:10 -07:00
Ward Fisher
ec526880dd Merge branch 'master' into NC_USHORT_rec_align 2017-03-02 15:22:36 -07:00
Dennis Heimbigner
47daf33074 Resolves Github issue https://github.com/Unidata/netcdf-c/issues/349.
Update utf8proc.[ch] to use the version now
maintained by the Julia Language project
(https://github.com/JuliaLang/utf8proc/blob/master/LICENSE.md).
The license for the previous version was
unacceptable for the Debian and Ubuntu release
systems. The new version both updates the code
and addresses the license issue.

It turns out that the utf8proc software we are using
was turned over to the Julia Language developers
and the license terms changed to allow modification.
(https://github.com/JuliaLang/utf8proc/blob/master/LICENSE.md).

So the fix here is as follows:
1. Wrap the library with a fixed interface: libdispatch/dutf8.c
   and include/ncutf8.h.
2. Replace the existing utf8proc code with the new version
   from https://github.com/JuliaLang/utf8proc.
3. Add a couple more test cases: nc_test/tst_utf8_validate.c
   and nc_test_utf8_phrases.c.  If/when I can find a usable
   normalization test, I will incorporate that later.
2017-02-16 14:27:54 -07:00
Wei-keng Liao
467fded268 bug fix: record size alignment for NC_USHORT is missing 2016-11-25 10:35:43 -06:00
Ward Fisher
cdf7717666 Updated OFF_T_MAX computation to avoid an undefined behavior warning reported by clang/gcc. 2016-09-26 10:14:38 -06:00
Greg Sjaardema
586e832f64 Fix variable and dimension renaming for nc3 with hashmap
The problem is that the name was being updated prior to the old
variable being removed from the hashmap. It checks whether the key and
the name of the variable being removed match, but since the name had
already been updated, the names did not match so the variable was not
removed. This patch removes the variable from the hashmap first,
then updates the name, and then adds the variable with the new name to
the hashmap.

Similar change for renaming dimensions.
2016-07-11 15:44:40 -04:00
Ward Fisher
3e24dcd575 Removed some dead assignments reported by clang. 2016-06-20 15:28:46 -06:00
Greg Sjaardema
09454cba09 Fix accessing deleted memory 2016-04-05 09:47:12 -06:00
Greg Sjaardema
1f9eb8093c Fix duplicate key issues in nc_hashmap
The addition of the nc_hashmap to facilitate quick
retrieval of var and dim by name did not take into
account key collisions -- two or more names hashed
to the same value.  If the keys matched, it assumed
that the names matched also.

This change fixes this incorrect assumption and
checks both the key (which is the hash of the name)
and if the keys match, it also checks that the names
match.

While there have been no instances of duplicate keys,
they are certain to occur and cause difficult to
debug issues. This fix eliminates that defect.
2016-04-05 09:07:40 -06:00
Greg Sjaardema
43ef27a407 Revert array geometric growth option 2016-03-24 06:44:41 -06:00
Greg Sjaardema
a248e0dfbe Free hashmap to eliminate memory leaks 2016-03-24 06:38:45 -06:00
Greg Sjaardema
d5cb4b9e3e Add hashmap for quick retrieval of dim and var 2016-03-24 06:38:45 -06:00
Greg Sjaardema
3bb86e417d Update var.c 2016-03-22 07:52:41 -06:00
Greg Sjaardema
362e28948d Add hashmap for quick retrieval of dim and var 2016-03-22 07:29:00 -06:00
dmh
49597a64af merge-squash 2015-10-09 10:12:11 -06:00
Ward Fisher
8515ece987 Corrected a dead-code issue reported by Coverity (that I introduced). 2015-09-24 11:32:41 -06:00
Ward Fisher
a8df681331 Addressed a potential null dereference bug reported by Coverity static analysis. 2015-09-22 15:31:48 -06:00
Ward Fisher
8c70437580 Added a check for a null pointer based on the bug fix documented in [NCF-340]. 2015-09-11 12:29:35 -06:00
Ward Fisher
dffaff8406 Further progress on [NCF-340], capturing previously-lost error code NC_EGLOBAL 2015-09-10 15:55:06 -06:00
Ward Fisher
9f9de5a493 Added a fix for a 'garbage/undefined value' bug reported by clang. in var.c, when varp->shape was being allocated, it was not being initialized properly and as a result, in some circustances, could potentially be dereferenced and evaluated without having a proper value. It is now initialized to 0. Hopefully this does not cause a problem. All the tests continue to pass, but I'm leaving a verbose comment here in case there is a knock-on problem discovered somewhere down the line. 2014-11-06 14:43:09 -07:00
Ward Fisher
461c96cdbe Fixed a clang-reported NULL pointer dereference issue. 2014-09-30 11:30:00 -06:00
Ward Fisher
ae927f3c84 Fixed a dereference issue where ndims was greater than 0 but the allocation for dimids would fail. Identified by clang static analysis. 2014-07-09 12:45:06 -06:00
Ward Fisher
76e5e0f1fa Addressed several minor issues revealed by static analysis (coverity, clang). Mostly to do with extreme corner cases in which a null pointer would be dereferenced, or dereferencing a non-null (but non-initialized) pointer would result in garbage. 2014-03-28 17:11:26 -06:00
Dennis Heimbigner
5ca78309cc The effect of this change is to make the struct NC structure
contain as little file-type specific info as possible.  It
modifies especially libsrc so that all of the netcdf-3 data
that used to be in struct NC is now kept in a separate chunk
of data pointed to by the struct NC. This makes all of
current protocols consistent: netcdf-3, netcdf-4, and dap.
2012-09-06 19:44:03 +00:00
Russ Rew
0790f81cf9 Merged var/dim name hashing for fast lookups into my branch. 2010-07-28 21:42:03 +00:00