Closed
Description
I built the HEAD with gcc address/memory checking turned on. Turns out there are some memory leaks/overflows.
See #504 for build info.
./tst_h_dimscales
*** Checking HDF5 dimension scales.
*** Creating simple dimension scales file...ok.
*** Checking that simple dimscale file can be read...ok.
*** Creating simple dimension scales file with lots of datasets...ok.
*** Creating a file with an unlimited dimension scale...ok.
=================================================================
==22535==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffe37d95610 at pc 0x557a8a8165d8 bp 0x7ffe37d94fa0 sp 0x7ffe37d94f90
WRITE of size 8 at 0x7ffe37d95610 thread T0
#0 0x557a8a8165d7 in alien_visitor /home/ed/tmp/netcdf-c/h5_test/tst_h_dimscales.c:25
#1 0x7fbc424f0ed7 in H5DSiterate_scales /home/ed/Downloads/hdf5-1.10.1/hl/src/H5DS.c:1357
#2 0x557a8a81b104 in main /home/ed/tmp/netcdf-c/h5_test/tst_h_dimscales.c:437
#3 0x7fbc4195c3f0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x203f0)
#4 0x557a8a816309 in _start (/home/ed/tmp/netcdf-c/h5_test/tst_h_dimscales+0x2309)
Address 0x7ffe37d95610 is located in stack of thread T0 at offset 32 in frame
#0 0x557a8a817697 in main /home/ed/tmp/netcdf-c/h5_test/tst_h_dimscales.c:118
This frame has 12 object(s):
[32, 36) 'visitor_data' <== Memory access at offset 32 partially overflows this variable
[96, 104) 'num_obj'
[160, 168) 'i'
[224, 232) 'num_obj'
[288, 296) 'dims'
[352, 360) 'maxdims'
[416, 432) 'dims'
[480, 504) 'dims'
[544, 568) 'max_dims'
[608, 4608) 'var1_datasetid'
[4640, 4896) 'obj_name'
[4928, 5184) 'label'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /home/ed/tmp/netcdf-c/h5_test/tst_h_dimscales.c:25 in alien_visitor
Shadow bytes around the buggy address:
0x100046faaa70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100046faaa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100046faaa90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100046faaaa0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100046faaab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
=>0x100046faaac0: f1 f1[04]f4 f4 f4 f2 f2 f2 f2 00 f4 f4 f4 f2 f2
0x100046faaad0: f2 f2 00 f4 f4 f4 f2 f2 f2 f2 00 f4 f4 f4 f2 f2
0x100046faaae0: f2 f2 00 f4 f4 f4 f2 f2 f2 f2 00 f4 f4 f4 f2 f2
0x100046faaaf0: f2 f2 00 00 f4 f4 f2 f2 f2 f2 00 00 00 f4 f2 f2
0x100046faab00: f2 f2 00 00 00 f4 f2 f2 f2 f2 00 00 00 00 00 00
0x100046faab10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==22535==ABORTING>
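One way to read the frame layout in the report above, as an added example (not part of the original issue or the netcdf-c code): a small Python helper that compares the reported access range with ASan's [lo, hi) stack object list. The excerpt is copied from the report; the function name triage_stack_overflow is hypothetical.

```python
import re

# Excerpt copied from the AddressSanitizer report above (first objects only).
REPORT = """\
WRITE of size 8 at 0x7ffe37d95610 thread T0
Address 0x7ffe37d95610 is located in stack of thread T0 at offset 32 in frame
This frame has 12 object(s):
[32, 36) 'visitor_data' <== Memory access at offset 32 partially overflows this variable
[96, 104) 'num_obj'
[160, 168) 'i'
"""

ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at", re.M)
OFFSET_RE = re.compile(r"at offset (\d+) in frame")
OBJECT_RE = re.compile(r"^\s*\[(\d+), (\d+)\) '([^']+)'", re.M)


def triage_stack_overflow(report):
    """Return which stack object the access starts in and how far it runs past it."""
    access = ACCESS_RE.search(report)
    offset = OFFSET_RE.search(report)
    if not access or not offset:
        raise ValueError("not an ASan stack access report")
    kind, size = access.group(1), int(access.group(2))
    start = int(offset.group(1))
    end = start + size  # half-open, like ASan's [lo, hi) object ranges
    objects = [(int(lo), int(hi), name) for lo, hi, name in OBJECT_RE.findall(report)]
    # Object holding the first accessed byte (None if the access starts in a redzone).
    victim = next((o for o in objects if o[0] <= start < o[1]), None)
    result = {"kind": kind, "access": (start, end), "object": None,
              "object_size": None, "bytes_past_end": None, "reaches": []}
    if victim:
        lo, hi, name = victim
        result.update(object=name, object_size=hi - lo,
                      bytes_past_end=max(0, end - hi))
    # Other objects the access range overlaps: live data touched, not just redzone.
    result["reaches"] = [n for lo, hi, n in objects
                         if lo < end and hi > start and (lo, hi, n) != victim]
    return result


if __name__ == "__main__":
    print(triage_stack_overflow(REPORT))
```

For this report the helper shows an 8-byte write starting in the 4-byte visitor_data and running 4 bytes past its end, without reaching the next listed object.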