Ubuntu
gdal package

xenial gdalinfo segfault on concrete netcdf file

Bug #1637228 reported by Marcos Sánchez Provencio on 2016-10-27

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	gdal (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

When trying to get information on a .nc file, gdalinfo (and many other uses of gdal on this concrete file) segfaults.

meteogrid@xenial:~$ gdalinfo salida.nc
Segmentation fault

gdb on a similar file shows this:

#0 strlen () at ../sysdeps/x86_64/strlen.S:106
#1 0x00007ffff7356ec3 in NCDFSafeStrcat (ppszDest=ppszDest@entry=0x7fffffff1378, pszSrc=pszSrc@entry=0x7ffff787d21d "}", nDestSize=nDestSize@entry=0x7fffffff1370) at netcdfdataset.cpp:6268
#2 0x00007ffff7357125 in NCDFGetAttr1 (nCdfId=nCdfId@entry=65536, nVarId=nVarId@entry=7, pszAttrName=pszAttrName@entry=0x7fffffff33f0 "valid_range", pdfValue=pdfValue@entry=0x0, pszValue=pszValue@entry=0x7fffffff33e8,
bSetPszValue=bSetPszValue@entry=1) at netcdfdataset.cpp:6426
#3 0x00007ffff7357dc4 in NCDFGetAttr (pszValue=0x7fffffff33e8, pszAttrName=0x7fffffff33f0 "valid_range", nVarId=7, nCdfId=65536) at netcdfdataset.cpp:6449
#4 netCDFDataset::ReadAttributes (this=this@entry=0x65d0d0, cdfid=65536, var=7) at netcdfdataset.cpp:4085
#5 0x00007ffff735fcf2 in netCDFDataset::Open (poOpenInfo=<optimized out>) at netcdfdataset.cpp:4809
#6 0x00007ffff74ae10d in GDALOpenInternal (oOpenInfo=..., papszAllowedDrivers=papszAllowedDrivers@entry=0x0) at gdaldataset.cpp:2314
#7 0x00007ffff74ae366 in GDALOpenInternal (pszFilename=pszFilename@entry=0x65c5c0 "NETCDF:mermaid/CTTH/S_NWC_CTTH_MSG3_Europe-VISIR_20161009T000000Z.nc:ctth_quality", eAccess=eAccess@entry=GA_ReadOnly,
papszAllowedDrivers=papszAllowedDrivers@entry=0x0) at gdaldataset.cpp:2263
#8 0x00007ffff74ae3b7 in GDALOpen (pszFilename=pszFilename@entry=0x65c5c0 "NETCDF:mermaid/CTTH/S_NWC_CTTH_MSG3_Europe-VISIR_20161009T000000Z.nc:ctth_quality", eAccess=eAccess@entry=GA_ReadOnly) at gdaldataset.cpp:2254
#9 0x0000000000402bb5 in main (argc=2, argv=0x65c580) at gdalinfo.c:183

Thank you very much.

Tags:

Revision history for this message

Bas Couwenberg (sebastic) wrote on 2016-10-27:

Is this gdal from the Ubuntu xenial repositories or from the UbuntuGIS PPA?

Please also provide the salida.nc file to help reproduce this issue.

Revision history for this message

Marcos Sánchez Provencio (rapto) wrote on 2016-10-28:

File that makes gdalinfo segfault Edit (23.3 KiB, application/x-netcdf)

Revision history for this message

Marcos Sánchez Provencio (rapto) wrote on 2016-10-28:

I was quite sure I had attached the file, sorry for that.

This is the standard gdal package. I am trying ubuntugis now, although only unstable is available for xenial.

Revision history for this message

Marcos Sánchez Provencio (rapto) wrote on 2016-10-28:

ubuntugis unstable does work

Revision history for this message

Bas Couwenberg (sebastic) wrote on 2016-10-28:

Download full text (4.6 KiB)

Ubuntu xenial has GDAL 1.11.3 and the ubuntugis-unstable PPA has GDAL 2.1.0, and quite a lot of changes to the NetCDF driver have been made between those release.

Valgrid reports the following for the gdalinfo command with the gdal & netcdf debug packages installed:

==9254== Invalid read of size 1
==9254== at 0x4C30F62: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9254== by 0x53F2EC2: NCDFSafeStrcat(char**, char*, unsigned long*) (netcdfdataset.cpp:6268)
==9254== by 0x53F3124: NCDFGetAttr1(int, int, char const*, double*, char**, int) (netcdfdataset.cpp:6426)
==9254== by 0x53F3DC3: NCDFGetAttr (netcdfdataset.cpp:6449)
==9254== by 0x53F3DC3: netCDFDataset::ReadAttributes(int, int) (netcdfdataset.cpp:4085)
==9254== by 0x53FBCF1: netCDFDataset::Open(GDALOpenInfo*) (netcdfdataset.cpp:4809)
==9254== by 0x554A10C: GDALOpenInternal(GDALOpenInfo&, char const* const*) (gdaldataset.cpp:2314)
==9254== by 0x554A365: GDALOpenInternal(char const*, GDALAccess, char const* const*) (gdaldataset.cpp:2263)
==9254== by 0x402BB4: ??? (in /usr/bin/gdalinfo)
==9254== by 0x642B82F: (below main) (libc-start.c:291)
==9254== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==9254==
==9254==
==9254== Process terminating with default action of signal 11 (SIGSEGV)
==9254== Access not within mapped region at address 0x0
==9254== at 0x4C30F62: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9254== by 0x53F2EC2: NCDFSafeStrcat(char**, char*, unsigned long*) (netcdfdataset.cpp:6268)
==9254== by 0x53F3124: NCDFGetAttr1(int, int, char const*, double*, char**, int) (netcdfdataset.cpp:6426)
==9254== by 0x53F3DC3: NCDFGetAttr (netcdfdataset.cpp:6449)
==9254== by 0x53F3DC3: netCDFDataset::ReadAttributes(int, int) (netcdfdataset.cpp:4085)
==9254== by 0x53FBCF1: netCDFDataset::Open(GDALOpenInfo*) (netcdfdataset.cpp:4809)
==9254== by 0x554A10C: GDALOpenInternal(GDALOpenInfo&, char const* const*) (gdaldataset.cpp:2314)
==9254== by 0x554A365: GDALOpenInternal(char const*, GDALAccess, char const* const*) (gdaldataset.cpp:2263)
==9254== by 0x402BB4: ??? (in /usr/bin/gdalinfo)
==9254== by 0x642B82F: (below main) (libc-start.c:291)
==9254== If you believe this happened as a result of a stack
==9254== overflow in your program's main thread (unlikely but
==9254== possible), you can try to increase the size of the
==9254== main thread stack using the --main-stacksize= flag.
==9254== The main thread stack size used in this run was 8388608.
==9254==
==9254== HEAP SUMMARY:
==9254== in use at exit: 1,789,968 bytes in 6,243 blocks
==9254== total heap usage: 11,605 allocs, 5,362 frees, 2,340,923 bytes allocated
==9254==
==9254== LEAK SUMMARY:
==9254== definitely lost: 0 bytes in 0 blocks
==9254== indirectly lost: 0 bytes in 0 blocks
==9254== possibly lost: 0 bytes in 0 blocks
==9254== still reachable: 1,789,968 bytes in 6,243 blocks
==9254== of which reachable via heuristic:
==9254== length64 : 56,956 bytes in 61 blocks
==9254== newarray : 288 bytes in 16 blocks
==9254== ...

Ubuntu xenial has GDAL 1.11.3 and the ubuntugis-unstable PPA has GDAL 2.1.0, and quite a lot of changes to the NetCDF driver have been made between those release.

Valgrid reports the following for the gdalinfo command with the gdal & netcdf debug packages installed:

==9254== Invalid read of size 1
==9254==    at 0x4C30F62: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9254==    by 0x53F2EC2: NCDFSafeStrcat(char**, char*, unsigned long*) (netcdfdataset.cpp:6268)
==9254==    by 0x53F3124: NCDFGetAttr1(int, int, char const*, double*, char**, int) (netcdfdataset.cpp:6426)
==9254==    by 0x53F3DC3: NCDFGetAttr (netcdfdataset.cpp:6449)
==9254==    by 0x53F3DC3: netCDFDataset::ReadAttributes(int, int) (netcdfdataset.cpp:4085)
==9254==    by 0x53FBCF1: netCDFDataset::Open(GDALOpenInfo*) (netcdfdataset.cpp:4809)
==9254==    by 0x554A10C: GDALOpenInternal(GDALOpenInfo&, char const* const*) (gdaldataset.cpp:2314)
==9254==    by 0x554A365: GDALOpenInternal(char const*, GDALAccess, char const* const*) (gdaldataset.cpp:2263)
==9254==    by 0x402BB4: ??? (in /usr/bin/gdalinfo)
==9254==    by 0x642B82F: (below main) (libc-start.c:291)
==9254==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==9254== 
==9254== 
==9254== Process terminating with default action of signal 11 (SIGSEGV)
==9254==  Access not within mapped region at address 0x0
==9254==    at 0x4C30F62: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9254==    by 0x53F2EC2: NCDFSafeStrcat(char**, char*, unsigned long*) (netcdfdataset.cpp:6268)
==9254==    by 0x53F3124: NCDFGetAttr1(int, int, char const*, double*, char**, int) (netcdfdataset.cpp:6426)
==9254==    by 0x53F3DC3: NCDFGetAttr (netcdfdataset.cpp:6449)
==9254==    by 0x53F3DC3: netCDFDataset::ReadAttributes(int, int) (netcdfdataset.cpp:4085)
==9254==    by 0x53FBCF1: netCDFDataset::Open(GDALOpenInfo*) (netcdfdataset.cpp:4809)
==9254==    by 0x554A10C: GDALOpenInternal(GDALOpenInfo&, char const* const*) (gdaldataset.cpp:2314)
==9254==    by 0x554A365: GDALOpenInternal(char const*, GDALAccess, char const* const*) (gdaldataset.cpp:2263)
==9254==    by 0x402BB4: ??? (in /usr/bin/gdalinfo)
==9254==    by 0x642B82F: (below main) (libc-start.c:291)
==9254==  If you believe this happened as a result of a stack
==9254==  overflow in your program's main thread (unlikely but
==9254==  possible), you can try to increase the size of the
==9254==  main thread stack using the --main-stacksize= flag.
==9254==  The main thread stack size used in this run was 8388608.
==9254== 
==9254== HEAP SUMMARY:
==9254==     in use at exit: 1,789,968 bytes in 6,243 blocks
==9254==   total heap usage: 11,605 allocs, 5,362 frees, 2,340,923 bytes allocated
==9254== 
==9254== LEAK SUMMARY:
==9254==    definitely lost: 0 bytes in 0 blocks
==9254==    indirectly lost: 0 bytes in 0 blocks
==9254==      possibly lost: 0 bytes in 0 blocks
==9254==    still reachable: 1,789,968 bytes in 6,243 blocks
==9254==                       of which reachable via heuristic:
==9254==                         length64           : 56,956 bytes in 61 blocks
==9254==                         newarray           : 288 bytes in 16 blocks
==9254==         suppressed: 0 bytes in 0 blocks
==9254== Rerun with --leak-check=full to see details of leaked memory
==9254== 
==9254== For counts of detected and suppressed errors, rerun with: -v
==9254== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault

The GDAL 1.11.3 code in question (frmts/netcdf/netcdfdataset.cpp):

6265 CPLErr NCDFSafeStrcat(char** ppszDest, char* pszSrc, size_t* nDestSize)
6266 {
6267     /* Reallocate the data string until the content fits */
6268     while(*nDestSize < (strlen(*ppszDest) + strlen(pszSrc) + 1)) {
6269         (*nDestSize) *= 2;
6270         *ppszDest = (char*) CPLRealloc((void*) *ppszDest, *nDestSize);
6271 #ifdef NCDF_DEBUG
6272         CPLDebug( "GDAL_netCDF", "NCDFSafeStrcat() resized str from %ld to %ld", (*nDestSize)/2, *nDestSize );
6273 #endif
6274     }
6275     strcat(*ppszDest, pszSrc);
6276 
6277     return CE_None;
6278 }

ncdump does handle the file successfully and reports that the ctth_quality variable has the ushort type, GDAL 2.1.0 added full read/write support for new NetCDF4 types like this.

So I think we can conclude that GDAL 1.11.3 in xenial doesn't support NetCDF4 sufficiently. Since backporting a fix for this issue doesn't seem feasible, and the GIS packages in Ubuntu are not actively maintained (because the manpower is in Debian), a fix for the package in xenial can pretty much be ruled out. Using the newer packages from UbuntuGIS is a good alternative until the next LTS.

Revision history for this message

Bas Couwenberg (sebastic) wrote on 2016-10-28:

GDAL 2.1.0 adds support for the NetCDF4 datatypes used in the dataset.

Changed in gdal (Ubuntu):
status:	New → Fix Released

Revision history for this message

Marcos Sánchez Provencio (rapto) wrote on 2016-10-28:

Thank you very much; we'll use the unstable ppa. Do you know any reason for the "stable" ubuntugis ppa not offering xenial packages?

Revision history for this message

Angelos Tzotsos (gcpp-kalxas) wrote on 2016-10-28:

We are in the process of moving the unstable packages to stable.

Revision history for this message

Bas Couwenberg (sebastic) wrote on 2016-10-28:

Because UbuntuGIS has a lack of manpower.

There are plans to copy the packages from ubuntugis-unstable to -stable for trusty at least:

https://lists.osgeo.org/pipermail/ubuntu/2016-October/001528.html

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

File that makes gdalinfo segfault Edit

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntugdal package

xenial gdalinfo segfault on concrete netcdf file

Bug Description

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
gdal package