`mpp_check_field_2d_type1` has use after free

Open foxtran opened this issue 2 months ago • 0 comments

Describe the bug

In the following fragment, deallocation happens right after usage, however, since, mpp_send does not have mpp_sync inside of the call, actual data send may happen at any time before mpp_sync. So, deallocation between these two points is not safe.

mpp_send: https://github.com/NOAA-GFDL/FMS/blob/f13435f7a23f24d9eebcf01ca520cd67851b087b/mpp/include/mpp_domains_misc.inc#L338-L339

sync point: https://github.com/NOAA-GFDL/FMS/blob/f13435f7a23f24d9eebcf01ca520cd67851b087b/mpp/include/mpp_domains_misc.inc#L379

It was detected with AddressSanitizer.

To Reproduce Compile and run tests with -fsanitize=address.

Expected behavior No ASan error.

System Environment Describe the system environment, include:

OS: I do not remember
Compiler(s): GCC 14.?.?
MPI type, and version ???
netCDF Version: 4.9.3
Configure options: FFLAGS="-fsanitize=address", LDFLAGS="-fsanitize=address"

Dec 09 '25 13:12 foxtran