core
/
eccodes
mirror of https://github.com/ecmwf/eccodes.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ECC-1118: Crash: substr function called with invalid indexes

This commit is contained in:
Shahram Najm 2020-05-31 13:39:21 +01:00
parent 9e302f2807
commit 7b8b63e1a6
3 changed files with 21 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/grib_accessor_class_variable.c
View File

@ -175,8 +175,9 @@ static void init(grib_accessor* a, const long length, grib_arguments* args)
len = sizeof(tmp);
p = grib_expression_evaluate_string(hand, expression, tmp, &len, &ret);
if (ret != GRIB_SUCCESS) {
grib_context_log(a->context, GRIB_LOG_ERROR, "unable to evaluate %s as string", a->name);
Assert(0);
grib_context_log(a->context, GRIB_LOG_ERROR, "unable to evaluate %s as string: %s",
a->name, grib_get_error_message(ret));
return;
}
len = strlen(p) + 1;
pack_string(a, p, &len);

4
src/grib_expression_class_accessor.c
View File

@ -116,6 +116,10 @@ static string evaluate_string(grib_expression* g, grib_handle* h, char* buf, siz
grib_expression_accessor* e = (grib_expression_accessor*)g;
char mybuf[1024] = {0,};
long start = e->start;
if (e->length > sizeof(mybuf)) {
*err = GRIB_INVALID_ARGUMENT;
return NULL;
}
Assert(buf);
if ((*err = grib_get_string_internal(h, e->name, mybuf, size)) != GRIB_SUCCESS)

15
src/grib_expression_class_sub_string.c
View File

@ -111,9 +111,22 @@ grib_expression* new_sub_string_expression(grib_context* c, const char* value, s
{
char v[1024] = {0,};
grib_expression_sub_string* e = (grib_expression_sub_string*)grib_context_malloc_clear_persistent(c, sizeof(grib_expression_sub_string));
const size_t slen = strlen(value);
/* if (start<0) start+=strlen(value); */
if (length == 0) {
grib_context_log(c, GRIB_LOG_ERROR, "Invalid substring: length must be > 0");
return NULL;
}
if (start > slen) { /* to catch a -ve number passed to start */
grib_context_log(c, GRIB_LOG_ERROR, "Invalid substring: start=%lu", start);
return NULL;
}
if (start + length > slen) {
grib_context_log(c, GRIB_LOG_ERROR, "Invalid substring: start(=%lu)+length(=%lu) > length('%s'))",start, length,value);
return NULL;
}
memcpy(v, value + start, length);
e->base.cclass = grib_expression_class_sub_string;
e->value = grib_context_strdup_persistent(c, v);