
#66 Potential Buffer Overflow: predicates.c

open
nobody
None
5
2009-12-04
2009-12-04
Monty Hall
No

predicates.c: fast_expansion_sum_zeroelim: lines 698 - 710

I was tracing through the code using:
./examples/set inter ./test/boolean/surfaces/sphere.gts ./test/boolean/surfaces/sphere.gts

I added the printf. If this function is called from orient2dadapt line 899, eventually eindex = 3 and elen = 4, the 5th (or index 4) will be dereferenced. Is this supposed to happen, or should a post-increment operator be used? Please advise.

Monty
-----------------------
static int fast_expansion_sum_zeroelim(int elen, REAL *e,
                                       int flen, REAL *f, REAL *h) {
  ...
  while ((eindex < elen) && (findex < flen)) {
    if ((fnow > enow) == (fnow > -enow)) {
      Two_Sum(Q, enow, Qnew, hh);
      printf("eindex: %d elen: %d\n", eindex, elen);
      enow = e[++eindex];
    } else {
      Two_Sum(Q, fnow, Qnew, hh);
      fnow = f[++findex];
    }
    Q = Qnew;
    if (hh != 0.0) {
      h[hindex++] = hh;
    }
  }
  .....
}

static REAL orient2dadapt(REAL *pa, REAL *pb, REAL *pc, REAL detsum) {
  ...
  REAL B[4], C1[8], C2[12], D[16];
  C1length = fast_expansion_sum_zeroelim(4, B, 4, u, C1);
  ...
}
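
Added illustration (not part of the ticket and not GTS code): a simplified model of the quoted loop, with plain addition standing in for Two_Sum, that records the highest index loaded from e[] when the load is the pre-increment form and when it is bounds-guarded. The function name, the guarded flag and the constructed 5-slot arrays are assumptions made for this example; the spare slot holds a sentinel so the extra load stays inside a real object here.

```c
#include <stdio.h>

/* Simplified model of the quoted merge loop. Returns the highest index
 * loaded from e[]; *sum receives the accumulated total. */
static int merge_max_e_index(int elen, const double *e,
                             int flen, const double *f,
                             int guarded, double *sum) {
    int eindex = 0, findex = 0, max_read = 0;
    double enow = e[0], fnow = f[0], q = 0.0;

    while ((eindex < elen) && (findex < flen)) {
        if ((fnow > enow) == (fnow > -enow)) {
            q += enow;
            ++eindex;
            /* guarded == 0 behaves like: enow = e[++eindex]; */
            if (!guarded || eindex < elen) {
                enow = e[eindex];
                if (eindex > max_read) max_read = eindex;
            }
        } else {
            q += fnow;
            ++findex;
            if (!guarded || findex < flen) fnow = f[findex];
        }
    }
    *sum = q;
    return max_read;
}

/* Constructed input: logical length 4, backing storage 5. The sentinel
 * 1e300 would wreck the sum if the extra element were ever consumed. */
static const double E[5] = {1.0, 2.0, 3.0, 4.0, 1e300};
static const double F[5] = {10.0, 20.0, 30.0, 40.0, 1e300};

int main(void) {
    double s;
    int hi = merge_max_e_index(4, E, 4, F, 0, &s);
    printf("unguarded: highest e index read = %d, sum = %g\n", hi, s);
    hi = merge_max_e_index(4, E, 4, F, 1, &s);
    printf("guarded:   highest e index read = %d, sum = %g\n", hi, s);
    return 0;
}
```

With elen = 4 the unguarded form loads index 4, one past the last valid element, while the guarded form stops at index 3; the sum is the same in both because this loop exits before the extra value is consumed.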
