#11771: sage crashes on some degenerate flint xgcd's
--------------------------------+-------------------------------------------
   Reporter:  lftabera          |          Owner:  AlexGhitza                  
       Type:  defect            |         Status:  new                         
   Priority:  critical          |      Milestone:  sage-4.7.2                  
  Component:  basic arithmetic  |       Keywords:  flint, crash, xgcd fmpq_poly
Work_issues:                    |       Upstream:  N/A                         
   Reviewer:                    |         Author:                              
     Merged:                    |   Dependencies:                              
--------------------------------+-------------------------------------------

Comment(by leif):

 >
 {{{

 ==6335== Invalid write of size 8
 ==6335==    at 0x4E69CDF: fmpz_mul (mpn_extras.h:100)
 ==6335==    by 0x409DAA: fmpq_poly_xgcd (fmpq_poly.c:2372)
 ==6335==    by 0x4028AF: main (fmpq_poly-example-2.c:56)
 ==6335==  Address 0x6479440 is not stack'd, malloc'd or (recently) free'd
 ==6335==
 ==6335== Invalid read of size 8
 ==6335==    at 0x4E69A87: fmpz_mul (fmpz.c:442)
 ==6335==    by 0x409DC8: fmpq_poly_xgcd (fmpq_poly.c:2373)
 ==6335==    by 0x4028AF: main (fmpq_poly-example-2.c:56)
 ==6335==  Address 0x6479440 is not stack'd, malloc'd or (recently) free'd
 ==6335==
 }}}

 It seems the memory allocated for `temp` is insufficient:
 {{{
 #!C
     /* Now the following equation holds:                                   */
     /*   rop->den rop->num ==                                              */
     /*     (s->num a->den / s->den) a +  (t->num b->den / t->den) b.       */

     limbs = FLINT_MAX(s->num->limbs, t->num->limbs);
     limbs = FLINT_MAX(limbs, fmpz_size(s->den));
     limbs = FLINT_MAX(limbs, fmpz_size(t->den) + fmpz_size(rop->den)
                                                + fmpz_size(lead));
     temp = fmpz_init(limbs);

     s->den = fmpz_realloc(s->den, fmpz_size(s->den) + fmpz_size(rop->den)
                                                     + fmpz_size(lead));
     if (!fmpz_is_one(a->den))
         fmpz_poly_scalar_mul_fmpz(s->num, s->num, a->den);
     fmpz_mul(temp, s->den, rop->den); // this is line 2372, invalid write
     fmpz_mul(s->den, temp, lead);     // this is line 2373, invalid read

 }}}

 Which would mean the bug is in `fmpq_poly`, not FLINT.

 (To verify this, you could rescale your polynomials to integer ones and
 use only FLINT's `fmpz_poly` functions instead, as mentioned earlier.)

-- 
Ticket URL: <http://trac.sagemath.org/sage_trac/ticket/11771#comment:15>
Sage <http://www.sagemath.org>
Sage: Creating a Viable Open Source Alternative to Magma, Maple, Mathematica, 
and MATLAB
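
The sizing problem described in the comment above, as an added example (not part of the original message, and not FLINT or Sage code): it reproduces the quoted limb-count computation for `temp` and compares it with the m+n limbs that the product of an m-limb and an n-limb integer can occupy. The 32-bit limbs, the function names and the operand sizes are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAXL(a, b) ((a) > (b) ? (a) : (b))

/* Limb count the quoted code passes to fmpz_init() for temp (all sizes in limbs). */
size_t temp_limbs_allocated(size_t s_num, size_t t_num, size_t s_den,
                            size_t t_den, size_t rop_den, size_t lead)
{
    size_t limbs = MAXL(s_num, t_num);
    limbs = MAXL(limbs, s_den);
    return MAXL(limbs, t_den + rop_den + lead);
}

/* Schoolbook product of a (an limbs) and b (bn limbs), little-endian 32-bit
 * limbs, into out (cap limbs). Returns -1 instead of writing past out when
 * the an + bn result limbs do not fit, 0 on success. */
int mul_checked(uint32_t *out, size_t cap, const uint32_t *a, size_t an,
                const uint32_t *b, size_t bn)
{
    if (an + bn > cap)
        return -1;
    memset(out, 0, (an + bn) * sizeof *out);
    for (size_t i = 0; i < an; i++) {
        uint64_t carry = 0;
        for (size_t j = 0; j < bn; j++) {
            uint64_t cur = (uint64_t)a[i] * b[j] + out[i + j] + carry;
            out[i + j] = (uint32_t)cur;
            carry = cur >> 32;
        }
        out[i + bn] = (uint32_t)carry;
    }
    return 0;
}

/* Constructed sizes: s->den 3 limbs, rop->den 2 limbs, everything else 1 limb. */
int temp_fits_constructed(void)
{
    const uint32_t s_den[3] = {0xffffffffu, 0xffffffffu, 0xffffffffu};
    const uint32_t rop_den[2] = {0xffffffffu, 0xffffffffu};
    uint32_t temp[8];                                    /* real storage is larger */
    size_t cap = temp_limbs_allocated(1, 1, 3, 1, 2, 1); /* what the formula grants */
    return mul_checked(temp, cap, s_den, 3, rop_den, 2); /* temp = s->den * rop->den */
}

int main(void)
{
    printf("temp fits: %s\n", temp_fits_constructed() == 0 ? "yes" : "no, too small");
    return 0;
}
```

With these sizes the formula grants 4 limbs while `s->den * rop->den` fills 5, the same kind of shortfall valgrind reports as an invalid write at line 2372.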
