Menu

#2 Potential Integer Overflow vulnerability in src/celeste/svm.cpp  Edit

open
nobody
None
2021-09-03
2021-09-03
Anonymous
No

There seems to be potential integer overflow vulnerability in src/celeste/svm.cpp.
In line 2862, model->nr_class is read from external source.

(2862) FSCANF(fp,"%d",&model->nr_class);
...
(2867) int n = model->nr_class * (model->nr_class-1)/2;
(2868) model->rho = Malloc(double,n);

If model->nr_class is a large integer that can cause integer overflow in line 2867,
allocation of memory on 2868 may happen with unexpected value.

Discussion

Log in to post a comment.

Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.