[Octave-bug-tracker] [bug #59094] Possible integer overflow in __ode15_

octave-bug-tracker

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Octave-bug-tracker] [bug #59094] Possible integer overflow in ode15

From:	Markus Mützel
Subject:	[Octave-bug-tracker] [bug #59094] Possible integer overflow in __ode15__.cc
Date:	Thu, 10 Sep 2020 11:40:08 -0400 (EDT)
User-agent:	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36 Edg/85.0.564.44

URL:
  <https://savannah.gnu.org/bugs/?59094>

                 Summary: Possible integer overflow in __ode15__.cc
                 Project: GNU Octave
            Submitted by: mmuetzel
            Submitted on: Thu 10 Sep 2020 05:40:06 PM CEST
                Category: Interpreter
                Severity: 3 - Normal
                Priority: 5 - Normal
              Item Group: Segfault, Bus Error, etc.
                  Status: None
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
                 Release: dev
         Discussion Lock: Any
        Operating System: Any

    _______________________________________________________

Details:

It is possible that the multiplication m_num*m_num in the following line in
__ode15__.cc can overflow:

        m_sunJacMatrix = SUNSparseMatrix (m_num, m_num, m_num*m_num,
CSC_MAT);


https://hg.savannah.gnu.org/hgweb/octave/file/0c9a5eae6c27/libinterp/dldfcn/__ode15__.cc#l404

jwe suggested in bug #58795:
> Gnulib has macros for checking whether integer operations overflow, or we
could (conditionally) use things like __builtin_mul_overflow to multiply
dimensions and check for overflow.
> I recently noticed that one of the Octave dependencies (maybe it was
Sundials?) was using the portable snippets library for this job.  Perhaps we
could use that or at least borrow ideas from it.  See, for example, 
https://github.com/nemequ/portable-snippets/tree/master/safe-math
> I hope we can refactor so that we limit the number of places where checks
like this are needed.

The gnulib macros are probably the ones in "intprops.h":
https://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=blob;f=lib/intprops.h;h=df66a3877abbe9e563e2b285297e2702c8106adc;hb=HEAD

IIUC, we try to avoid including gnulib headers directly. Instead we have
wrappers for the functions we want to use.
I don't know how to do something similar with these macros.
Is it ok to include that header directly?





    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?59094>

_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[Octave-bug-tracker] [bug #59094] Possible integer overflow in __ode15__.cc, Markus Mützel <=
- [Octave-bug-tracker] [bug #59094] Possible integer overflow in __ode15__.cc, Markus Mützel, 2020/09/14
  - [Octave-bug-tracker] [bug #59094] Possible integer overflow in __ode15__.cc, Markus Mützel, 2020/09/19

Prev by Date: [Octave-bug-tracker] [bug #58795] ode15i and ode15s fail for Windows 32bit
Next by Date: [Octave-bug-tracker] [bug #58795] ode15i and ode15s fail for Windows 32bit
Previous by thread: [Octave-bug-tracker] [bug #57033] Replace CXSPARSE with SPQR
Next by thread: [Octave-bug-tracker] [bug #59094] Possible integer overflow in __ode15__.cc
Index(es):
- Date
- Thread

[Octave-bug-tracker] [bug #59094] Possible integer overflow in __ode15__

[Octave-bug-tracker] [bug #59094] Possible integer overflow in ode15