[sage-trac] Re: [Sage] #13731: Fix libsingular memory management

Thu, 22 Nov 2012 23:56:16 -0800 

#13731: Fix libsingular memory management
---------------------------+------------------------------------------------
       Reporter:  nbruin   |         Owner:  rlm     
           Type:  defect   |        Status:  new     
       Priority:  major    |     Milestone:  sage-5.6
      Component:  memleak  |    Resolution:          
       Keywords:           |   Work issues:          
Report Upstream:  N/A      |     Reviewers:          
        Authors:           |     Merged in:          
   Dependencies:           |      Stopgaps:          
---------------------------+------------------------------------------------

Comment (by nbruin):

 > {{{
 > ==30816== Invalid read of size 4
 > ==30816==    at 0x269CE137: rOrd_is_Totaldegree_Ordering(sip_sring*)
 (ring.cc:2074)
 > ...
 > }}}
 This is like shooting fish in a barrel. `ring.cc:157`:
 {{{
 ...
   int *order = (int *) omAlloc(2* sizeof(int));
 ...
   return rDefault(ch,N,n,2,order,block0,block1);
 }}}
 calling `ring.cc:127` (the variable `order` above gets passed as the
 parameter `ord` in the code below):
 {{{
   ring r=(ring) omAlloc0Bin(sip_sring_bin);
 ...
   r->order = ord;
 ...
   rComplete(r);
 }}}
 calling `ring.cc:3469`:
 {{{
   if (rOrd_is_Totaldegree_Ordering(r) ||
 rOrd_is_WeightedDegree_Ordering(r))
 }}}
 calling `ring.cc:2065`:
 {{{
 BOOLEAN rOrd_is_Totaldegree_Ordering(ring r)
 {
   // Hmm.... what about Syz orderings?
   return (rVar(r) > 1 &&
           ((rHasSimpleOrder(r) &&
            (rOrder_is_DegOrdering((rRingOrder_t)r->order[0]) ||
             rOrder_is_DegOrdering(( rRingOrder_t)r->order[1]))) ||
            (rHasSimpleOrderAA(r) &&
             (rOrder_is_DegOrdering((rRingOrder_t)r->order[1]) ||
              rOrder_is_DegOrdering((rRingOrder_t)r->order[2])))));
 }
 }}}
 As you see, that last line `...r->ord[2]` is indeed out of bound on a
 `2*sizeof(int)` block. The valgrind session seems to indicate this code
 path is indeed exercised.

-- 
Ticket URL: <http://trac.sagemath.org/sage_trac/ticket/13731#comment:33>
Sage <http://www.sagemath.org>
Sage: Creating a Viable Open Source Alternative to Magma, Maple, Mathematica, 
and MATLAB

-- 
You received this message because you are subscribed to the Google Groups 
"sage-trac" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/sage-trac?hl=en.

Reply via email to