[gdal-dev] Grib2 Question
Kurt Schwehr
schwehr at gmail.com
Tue Nov 7 13:51:30 PST 2017
It's possible to cause massive allocations with a tiny corrupted grib file
causing an out-of-memory. I found that case with the llvm ASAN fuzzer. If
you have a specification that gives a more reasoned maximum or a better
overall check, I'm listening. I definitely think the sanity checking can
be improved. Mostly I just try to survive the g2clib code. It doesn't
come with tests and digging through GRIB specs to match up to g2clib source
isn't my favorite thing to do.
https://github.com/OSGeo/gdal/commit/ae92f7fb8e32381124a37588d27b9af695afce20
On Tue, Nov 7, 2017 at 1:22 PM, Roarke Gaskill <roarke.gaskill at weather.com>
wrote:
> Hi,
>
> Why is the number of points greater than 33554432 considered nonsense?
>
> https://github.com/OSGeo/gdal/blob/trunk/gdal/frmts/grib/
> degrib18/g2clib-1.0.4/g2_unpack5.c#L77
>
>
> Thanks,
> Roarke
>
>
>
> _______________________________________________
> gdal-dev mailing list
> gdal-dev at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/gdal-dev
>
--
--
http://schwehr.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/gdal-dev/attachments/20171107/8ae1e194/attachment.html>
More information about the gdal-dev
mailing list