From: Francois B. <fra...@ki...> - 2016-09-12 20:29:36
|
Hello, I found a small bug in vnl_random::lrand32(int lower, int upper) and vnl_random::lrand32(int lower, int upper, int &count). If upper is too large, and lower is too low, this can lead to a buffer overflow problem and the function gets stuck in a loop. This happens because the two values are subtracted. Addionnally, if one gives lower=0 and upper=std::numeric_limits<int>::max() as inputs to the function, this will also lead to a buffer overflow due to the "+1" in the computation of the range. To avoid this problem, the input, lower and upper, can be casted to long before computing the range. The simple fix is included in the patch attached to this email. This seems to be a logical fix as "range" is already an "unsigned long" variable. Hope this helps, Francois |