DM-4904

Buffer overrun in wcslib causes stack corruption

    Details

    • Type: Bug
    • Status: Done
    • Priority: Major
    • Resolution: Done
    • Fix Version/s: None
    • Component/s: wcslib
    • Labels:
      None
    • Templates:
    • Story Points:
      2
    • Sprint:
      Science Pipelines DM-W16-5
    • Team:
      Data Release Production

      Description

      The buffer 'msg' in wcsfix.c is used to report attempts by wcslib to re-format units found in FITS files. It is allocated on the stack (in function 'unitfix') with a size of 160 chars, defined by a pre-processor macro (set in wcserr.h). When running the function 'unitfix' in wcsfix, this buffer can overflow on some FITS files (the raw files generated by HSC seem particularly prone to triggering this behavior), which results in the session being terminated on Ubuntu 14.04, as stack protection is turned on by default, i.e. the stack crashes with a 'stack smashing detected' error. We have reported the bug to the creators of wcslib. As a temporary workaround, users affected by the bug should increase the default size of 'msg' by increasing WCSERR_MSG_LENGTH, defined in wcserr.h.

      We are providing a small Python example that demonstrates the problem. Run it as
      python test.py <path to ci_hsc>/raw/<any fits file in this directory>

      We are also providing a simple C program to demonstrate the bug. Compile it as
      cc -fsanitize=address -g -I$WCSLIB_DIR/include/wcslib -o test test.c -L$WCSLIB_DIR/lib -lwcs (on Linux)
      cc -fsanitize=address -g -L$WCSLIB_DIR/lib -lwcs -I$WCSLIB_DIR/include/wcslib -o test test.c (on Mac OS X)
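
The ticket does not show the code in 'unitfix', so the following is an added example, not wcslib's own code: a bounded way to accumulate per-axis unit notes in a fixed 160-char stack buffer, dropping any note that does not fit instead of writing past the end. The helper names, the note format and the sample unit strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MSG_LENGTH 160  /* size the report gives for WCSERR_MSG_LENGTH */

/* Hypothetical helper, not wcslib's API: append one "'old' -> 'new'" note.
 * Returns 0 if it fit; returns 1 and leaves msg unchanged if it did not. */
static int append_unit_note(char *msg, size_t cap, const char *from, const char *to)
{
    size_t used = strlen(msg);
    size_t room = cap - used;            /* >= 1: msg is always NUL-terminated */
    int n = snprintf(msg + used, room, "%s'%s' -> '%s'",
                     used ? ", " : "", from, to);
    if (n < 0 || (size_t)n >= room) {
        msg[used] = '\0';                /* roll back the partial note */
        return 1;
    }
    return 0;
}

/* Build the whole report; returns how many notes had to be dropped. */
int build_unit_report(char *msg, size_t cap,
                      const char *from[], const char *to[], int naxis)
{
    int dropped = 0;
    if (cap == 0) return naxis;          /* no room even for the terminator */
    msg[0] = '\0';
    for (int i = 0; i < naxis; i++)
        dropped += append_unit_note(msg, cap, from[i], to[i]);
    return dropped;
}

int main(void)
{
    /* Constructed input: a 100-character unit string on each of two axes. */
    char longunit[101];
    memset(longunit, 'x', 100);
    longunit[100] = '\0';
    const char *from[] = { longunit, longunit };
    const char *to[]   = { "deg", "deg" };
    char msg[MSG_LENGTH];
    int dropped = build_unit_report(msg, sizeof msg, from, to, 2);
    printf("%zu bytes kept, %d note(s) dropped\n", strlen(msg), dropped);
    return 0;
}
```

An unbounded sprintf or strcat into the same buffer would write 224 bytes plus the terminator for this input, which is the kind of overrun the stack protector reports.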


                People

                • Assignee:
                  swinbank John Swinbank
                  Reporter:
                  vpk24 Vishal Kasliwal [X] (Inactive)
                  Reviewers:
                  Colin Slater
                  Watchers:
                  Colin Slater, John Swinbank, Tim Jenness, Vishal Kasliwal [X] (Inactive)