
heap-buffer-overflow triggered if layer_soil_type > max_valid_soil_types #50

@aaraney


Reproduce:

cmake -B build -S . -DCMAKE_CXX_FLAGS=-fsanitize=address
cmake --build build --target lasam_standalone

Change tests/configs/config_lasam_synth_0.txt

-layer_soil_type=13,14,15
+layer_soil_type=13,14,16
cd tests
./run_synthetic.sh 0
Sanitizer output:
Running synthetic example 0
Verbosity is set to ' low' 
          *****         
------------- Initialization from config file ---------------------- 
=================================================================
==46533==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x000103b03fb0 at pc 0x0001002fd7b4 bp 0x00016fb3de50 sp 0x00016fb3de48
READ of size 8 at 0x000103b03fb0 thread T0
    #0 0x1002fd7b0 in InitializeWettingFronts(int, double, int*, double*, double*, wetting_front**, soil_properties_*)+0x12c (lasam_standalone:arm64+0x1000417b0) (BuildId: ca50afd935463edfb46a0581605989cd32000000200000000100000000030d00)
    #1 0x1002fb5bc in InitFromConfigFile(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, model_state*)+0x9554 (lasam_standalone:arm64+0x10003f5bc) (BuildId: ca50afd935463edfb46a0581605989cd32000000200000000100000000030d00)
    #2 0x1002f0098 in lgar_initialize(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, model_state*)+0x14c (lasam_standalone:arm64+0x100034098) (BuildId: ca50afd935463edfb46a0581605989cd32000000200000000100000000030d00)
    #3 0x1002d6728 in BmiLGAR::Initialize(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>)+0x2e8 (lasam_standalone:arm64+0x10001a728) (BuildId: ca50afd935463edfb46a0581605989cd32000000200000000100000000030d00)
    #4 0x1002be950 in main+0x3c4 (lasam_standalone:arm64+0x100002950) (BuildId: ca50afd935463edfb46a0581605989cd32000000200000000100000000030d00)
    #5 0x196f2e0dc  (<unknown module>)

0x000103b03fb0 is located 48 bytes to the right of 1792-byte region [0x000103b03880,0x000103b03f80)
allocated by thread T0 here:
    #0 0x100b39498 in wrap__Znam+0x74 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x51498) (BuildId: f0a7ac5c49bc3abc851181b6f92b308a32000000200000000100000000000b00)
    #1 0x1002f8558 in InitFromConfigFile(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, model_state*)+0x64f0 (lasam_standalone:arm64+0x10003c558) (BuildId: ca50afd935463edfb46a0581605989cd32000000200000000100000000030d00)
    #2 0x1002f0098 in lgar_initialize(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, model_state*)+0x14c (lasam_standalone:arm64+0x100034098) (BuildId: ca50afd935463edfb46a0581605989cd32000000200000000100000000030d00)
    #3 0x1002d6728 in BmiLGAR::Initialize(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>)+0x2e8 (lasam_standalone:arm64+0x10001a728) (BuildId: ca50afd935463edfb46a0581605989cd32000000200000000100000000030d00)
    #4 0x1002be950 in main+0x3c4 (lasam_standalone:arm64+0x100002950) (BuildId: ca50afd935463edfb46a0581605989cd32000000200000000100000000030d00)
    #5 0x196f2e0dc  (<unknown module>)

SUMMARY: AddressSanitizer: heap-buffer-overflow (lasam_standalone:arm64+0x1000417b0) (BuildId: ca50afd935463edfb46a0581605989cd32000000200000000100000000030d00) in InitializeWettingFronts(int, double, int*, double*, double*, wetting_front**, soil_properties_*)+0x12c
Shadow bytes around the buggy address:
  0x0070207807a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0070207807b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0070207807c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0070207807d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0070207807e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0070207807f0: fa fa fa fa fa fa[fa]fa fa fa fa fa fa fa fa fa
  0x007020780800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x007020780810: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x007020780820: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x007020780830: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x007020780840: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==46533==ABORTING
malloc
malloc
./run_synthetic.sh: line 16: 46533 Abort trap: 6           ../build/lasam_standalone configs/config_lasam_synth_${case}.txt

Runtime environment:
Compiler: Apple clang version 14.0.3 (clang-1403.0.22.14.1)
OS: macOS arm64
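The report above shows a config-supplied soil type being used as an index into a heap-allocated array of soil properties without a range check, so a value past the last valid entry reads beyond the 1792-byte block. The following is an added example of the defensive pattern, not code from the LASAM project: it parses a `layer_soil_type=` line, validates every index against `max_valid_soil_types` before initialization proceeds, and replaces the unchecked array access with a lookup that returns NULL on an out-of-range index. The `soil_props_t` struct, the helper names, the value `max_valid_soil_types = 16` and the 0-based index convention are all assumptions for illustration; adjust the bound check if the project's config format is 1-based.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the model's per-soil-type parameter record;
   the real soil_properties_ struct has its own fields. */
typedef struct {
    double theta_r;
    double theta_e;
    double alpha;
    double n;
} soil_props_t;

/* Parse a config line of the form "layer_soil_type=13,14,16" into out[].
   Returns the number of values parsed, or -1 on malformed input or when
   more than max_out values are present. */
int parse_layer_soil_type(const char *line, int *out, int max_out)
{
    const char *key = "layer_soil_type=";
    size_t klen = strlen(key);
    if (strncmp(line, key, klen) != 0) return -1;
    const char *p = line + klen;
    int n = 0;
    while (*p != '\0' && *p != '\n') {
        char *end;
        long v = strtol(p, &end, 10);
        if (end == p || n >= max_out) return -1;   /* no digits, or too many values */
        out[n++] = (int)v;
        p = end;
        if (*p == ',') p++;
        else if (*p != '\0' && *p != '\n') return -1;
    }
    return n;
}

/* Validate every configured layer soil type before any of them is used as an
   array index. Returns the index of the first offending layer, or -1 if all
   are in range. Assumption: soil types are 0-based, so the valid range is
   0 .. max_valid_soil_types-1. */
int validate_layer_soil_types(const int *layer_soil_type, int num_layers,
                              int max_valid_soil_types)
{
    for (int i = 0; i < num_layers; i++) {
        int t = layer_soil_type[i];
        if (t < 0 || t >= max_valid_soil_types) return i;
    }
    return -1;
}

/* Bounds-checked lookup to use in place of an unchecked
   soil_properties[layer_soil_type[layer]] access. Returns NULL instead of
   reading past the end of the heap block. */
const soil_props_t *soil_for_layer(const soil_props_t *soil_properties,
                                   int max_valid_soil_types,
                                   const int *layer_soil_type, int layer)
{
    int t = layer_soil_type[layer];
    if (t < 0 || t >= max_valid_soil_types) return NULL;
    return &soil_properties[t];
}

int main(void)
{
    /* Constructed sample input: the original config line from the issue and
       the modified line that produced the ASan report. */
    const char *lines[] = { "layer_soil_type=13,14,15", "layer_soil_type=13,14,16" };
    int max_valid_soil_types = 16;   /* assumed value for illustration */

    for (int k = 0; k < 2; k++) {
        int types[8];
        int n = parse_layer_soil_type(lines[k], types, 8);
        int bad = validate_layer_soil_types(types, n, max_valid_soil_types);
        if (bad >= 0)
            printf("%s: layer %d has soil type %d outside 0..%d, refusing to initialize\n",
                   lines[k], bad, types[bad], max_valid_soil_types - 1);
        else
            printf("%s: all %d layers valid\n", lines[k], n);
    }
    return 0;
}
```

Running the validation once over the whole array, before `InitializeWettingFronts` or any other consumer touches the soil table, turns a silent out-of-bounds read into a clear configuration error with the offending layer and value named.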

Labels: bug