`SEGV` crash within `Document::InsertColumn` function

**Description**:

Hi, I encountered a `SEGV` crash when invoking `Document::InsertColumn` function to insert a column into a CSV document. The crash occurs during the `itRow->insert()` invocation (line 844), where `itRow` vector has a length of `1`, while the insert index `dataColumnIdx` has a value of `2`, causing an out-of-bound write access. The related source code is shown below:

https://github.com/d99kris/rapidcsv/blob/083851d2f4fed13130e347307411e1cb5eba42a4/src/rapidcsv.h#L839-L846

The ASan report is:

```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==687954==ERROR: AddressSanitizer: SEGV on unknown address 0x506000040000 (pc 0x74ada89688df bp 0x7ffc67570680 sp 0x7ffc67570608 T0)
==687954==The signal is caused by a WRITE memory access.
    #0 0x74ada89688df in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>::basic_string(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>&&) (/lib/x86_64-linux-gnu/libstdc++.so.6+0x1688df) (BuildId: ca77dae775ec87540acd7218fa990c40d1c94ab1)
    #1 0x643e3cf8ded0 in void std::__new_allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>::construct<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/bits/new_allocator.h:191:23
    #2 0x643e3cf8ded0 in void std::allocator_traits<std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>::construct<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>(std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/bits/alloc_traits.h:538:8
    #3 0x643e3cf8ded0 in void std::__relocate_object_a<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>&) /usr/bin/../lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/bits/stl_uninitialized.h:1077:7
    #4 0x643e3cf8de3e in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>* std::__relocate_a_1<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>&) /usr/bin/../lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/bits/stl_uninitialized.h:1105:2
    #5 0x643e3cf8ddee in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>* std::__relocate_a<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>&) /usr/bin/../lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/bits/stl_uninitialized.h:1147:14
    #6 0x643e3cf8d98c in std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>::_S_relocate(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>&) /usr/bin/../lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/bits/stl_vector.h:509:9
    #7 0x643e3cf9ab27 in void std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>::_M_realloc_insert<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&>(__gnu_cxx::__normal_iterator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/bits/vector.tcc:485:23
    #8 0x643e3cf989bc in std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>::insert(__gnu_cxx::__normal_iterator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/bits/vector.tcc:170:2
    #9 0x643e3cf849d6 in void rapidcsv::Document::InsertColumn<int>(unsigned long, std::vector<int, std::allocator<int>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) /home/pvz122/proj/llm/abl-afgenllm/database/rapidcsv/latest/code/src/rapidcsv.h:844:18
    #10 0x643e3cf82703 in main /home/pvz122/proj/llm/poc/rapidcsv/2/poc.cpp:6:7
    #11 0x74ada842a1c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #12 0x74ada842a28a in __libc_start_main csu/../csu/libc-start.c:360:3
    #13 0x643e3cea6a24 in _start (/home/pvz122/proj/llm/poc/rapidcsv/2/poc+0x2ea24) (BuildId: d5d80e3cdd177787fd100ea1e631463003ba8c9f)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libstdc++.so.6+0x1688df) (BuildId: ca77dae775ec87540acd7218fa990c40d1c94ab1) in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>::basic_string(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>&&)
==687954==ABORTING
```

This crash appears to be a bug of the library and can cause security issues.

**How to reproduce it**:

The PoC program is:

```cpp
#include "rapidcsv.h"

int main() {
  rapidcsv::Document doc("./poc.csv");
  std::vector<int> columnData = {1, 2, 3};
  doc.InsertColumn(2, columnData, "ColumnName");
  return 0;
}
```

And the PoC CSV file can be downloaded at [here](https://github.com/pvz122/PoC/blob/7ec45fef52c0d2db5385891eafef641b5b546787/rapidcsv/2/poc.csv).

The build command is like:

```bash
clang++ poc.cpp -o poc -fsanitize=address -g -I rapidcsv/src
```

**Environment**:
- Version: 8.85
- OS / distro: Ubuntu 24.04


	for (auto itRow = mData.begin(); itRow != mData.end(); ++itRow)
	{
	if (std::distance(mData.begin(), itRow) >= mLabelParams.mColumnNameIdx)
	{
	const size_t rowIdx = static_cast<size_t>(std::distance(mData.begin(), itRow));
	itRow->insert(itRow->begin() + static_cast<int>(dataColumnIdx), column.at(rowIdx));
	}
	}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

`SEGV` crash within `Document::InsertColumn` function #187

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

SEGV crash within Document::InsertColumn function #187

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions

`SEGV` crash within `Document::InsertColumn` function #187