Address sanitizer tests in the CI pipeline by jblueh · Pull Request #2246 · su2code/SU2

The address sanitizer reports a heap buffer overflow for this piece of code.

I presume the issue is the access SpanValuesDonor[kSpan + 1] in the case that kSpan == nSpanDonor - 1 so that kSpan references the last array entry already. Below is a stripped-down version of the corresponding code.

...
for (jSpan = 0; jSpan < nSpanDonor; jSpan++) {
  ...
  if (...)
    kSpan = jSpan;
  ...
}
... SpanValuesDonor[kSpan + 1] ...

Is someone familiar with the CInterface code who could make recommendations for a fix?

Below is the address sanitizer report, see also here.

==2308==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60f0008c96a0 at pc 0x558b6435ae51 bp 0x7ffc1cebf680 sp 0x7ffc1cebf670
READ of size 8 at 0x60f0008c96a0 thread T0
    #0 0x558b6435ae50 in CInterface::PreprocessAverage(CGeometry*, CGeometry*, CConfig const*, CConfig const*, unsigned short) ../SU2_CFD/src/interfaces/CInterface.cpp:314
    #1 0x558b6373d23a in CDriver::PreprocessTurbomachinery(CConfig**, CGeometry****, CSolver*****, CInterface***, bool) ../SU2_CFD/src/drivers/CDriver.cpp:2725
    #2 0x558b63770d76 in CDriver::CDriver(char*, unsigned short, int, bool) ../SU2_CFD/src/drivers/CDriver.cpp:250
    #3 0x558b637f54c2 in CMultizoneDriver::CMultizoneDriver(char*, unsigned short, int) ../SU2_CFD/src/drivers/CMultizoneDriver.cpp:35
    #4 0x558b63615b53 in main ../SU2_CFD/src/SU2_CFD.cpp:135
    #5 0x7f0d8c503082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
    #6 0x558b6367005d in _start (/github/workspace/install/bin/SU2_CFD+0x63405d)

0x60f0008c96a0 is located 0 bytes to the right of 176-byte region [0x60f0008c95f0,0x60f0008c96a0)
allocated by thread T0 here:
    #0 0x7f0d8ed00787 in operator new[](unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cc:107
    #1 0x558b656d1590 in CPhysicalGeometry::ComputeNSpan(CConfig*, unsigned short, unsigned short, bool) ../Common/src/geometry/CPhysicalGeometry.cpp:4806
    #2 0x558b6373c1df in CDriver::PreprocessTurbomachinery(CConfig**, CGeometry****, CSolver*****, CInterface***, bool) ../SU2_CFD/src/drivers/CDriver.cpp:2649
    #3 0x558b63770d76 in CDriver::CDriver(char*, unsigned short, int, bool) ../SU2_CFD/src/drivers/CDriver.cpp:250
    #4 0x558b637f54c2 in CMultizoneDriver::CMultizoneDriver(char*, unsigned short, int) ../SU2_CFD/src/drivers/CMultizoneDriver.cpp:35
    #5 0x558b63615b53 in main ../SU2_CFD/src/SU2_CFD.cpp:135
    #6 0x7f0d8c503082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
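The access pattern above, reduced to stand-alone code with a bounds check in front of the flagged read. This is an added example, not SU2's CInterface code: the span values are assumed to be doubles sorted in ascending order, and the "reuse the last interval" clamp is one possible policy, not the project's fix.

```cpp
#include <cstddef>
#include <stdexcept>
#include <vector>

// Mirrors the search loop from the comment: kSpan ends up as the last donor span
// whose value does not exceed the target, so it can legitimately equal nSpanDonor - 1.
std::size_t FindDonorSpan(const std::vector<double>& spanValuesDonor, double target) {
  std::size_t kSpan = 0;
  for (std::size_t jSpan = 0; jSpan < spanValuesDonor.size(); jSpan++) {
    if (spanValuesDonor[jSpan] <= target) kSpan = jSpan;
  }
  return kSpan;
}

// The read ASan reports is SpanValuesDonor[kSpan + 1]; it is inside the
// allocation only when kSpan + 1 < nSpanDonor. Checking this before the
// access is the minimal defensive fix.
bool NeighborReadInBounds(std::size_t kSpan, std::size_t nSpanDonor) {
  return kSpan + 1 < nSpanDonor;
}

// Linear interpolation between spans kSpan and kSpan + 1, guarded so the upper
// neighbour is never read past the end. When the target lands on or beyond the
// last span the last interval is reused (constructed policy, assumption).
double InterpolateGuarded(const std::vector<double>& spanValuesDonor,
                          const std::vector<double>& donorData, double target) {
  const std::size_t n = spanValuesDonor.size();
  if (n < 2 || donorData.size() != n) throw std::invalid_argument("need >= 2 spans");
  std::size_t kSpan = FindDonorSpan(spanValuesDonor, target);
  if (!NeighborReadInBounds(kSpan, n)) kSpan = n - 2;  // keep kSpan + 1 a valid index
  const double x0 = spanValuesDonor[kSpan], x1 = spanValuesDonor[kSpan + 1];
  const double w = (target - x0) / (x1 - x0);
  return donorData[kSpan] + w * (donorData[kSpan + 1] - donorData[kSpan]);
}
```

With the 176-byte region from the report and 8-byte entries, nSpanDonor would be 22, so the failing read is the kSpan == 21 case that NeighborReadInBounds rejects.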