Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fixed integer overflow in operator[] of (Const)PairIterator #159

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fixed integer overflow in operator[] of (Const)PairIterator #159

wants to merge 1 commit into from

Conversation

toschaefer
Copy link

Hello!

Thanks for this great project.

I observed an integer overflow in PairIterator::operator[] and ConstPairIterator::operator[].

The following minimal example allows to reproduce this issue. I spotted it when filling a sparse tensor, but it could also occur in other situations.

int64_t N = 400; // works for (e.g.) N=100, crashes for N=400
int64_t dddd[] = {N, N, N, N}; // for tensor of order 4
int syms[] = {NS, NS, NS, NS}; // no symmetry
CTF::Tensor<double> T(4, true, dddd, syms, dw);

double sparsity = 0.1;
T.fill_sp_random(0, 1, sparsity); // crashes due to integer overflow

For this particular example the integer overflow is located here:
In the line 1039 of the source file src/redistribution/sparse_rw.cxx the variable nwrite is of type int64_t and can cause an integer overflow when it is passed to the PairIterator::operator[] in swap_data[nwrite]:

int64_t new_num_pair, nwrite, swp;
// [...]
int64_t ky = swap_data[nwrite].k();

The issue is fixed by replacing operator[](int n) with operator[](int64_t n).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@toschaefer