From fc0fb5ba02953d6e15424ce3a2d8f5b52380ffb4 Mon Sep 17 00:00:00 2001 From: Michael Orlitzky Date: Sun, 25 Jun 2023 13:43:35 -0400 Subject: [PATCH 1/1] src/vecteur.cc: fix invalid vector indexing. A few places in vector.cc use the construct &buffer[n]-m where "buffer" is an std::vector and "n" its size. This is undefined behavior since the index is outside of the allowed range (0 through n-1). With GLIBCXX_ASSERTIONS enabled, it crashes on the out-of- bounds index. The most obvious fix is to use &buffer[n-1]-(m+1), which avoids the issue so long as n >= 1. I think this will always be the case in the affected code, but if I'm wrong, it can be fixed by adding a special case for n == 0. --- src/vecteur.cc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/vecteur.cc b/src/vecteur.cc index 89b1445..c91af66 100644 --- a/src/vecteur.cc +++ b/src/vecteur.cc @@ -7998,7 +7998,7 @@ namespace giac { if (convertpos){ int C=col+1; longlong * buf=&buffer[C]; - longlong * bufend=&buffer[cmax]-8; + longlong * bufend=&buffer[cmax-1]-7; const int * nline=&Nline[C]; for (;buf<=bufend;buf+=8,nline+=8){ longlong x,y; @@ -8022,7 +8022,7 @@ namespace giac { else { int C=col+1; longlong * buf=&buffer[C]; - longlong * bufend=&buffer[cmax]-8; + longlong * bufend=&buffer[cmax-1]-7; const int * nline=&Nline[C]; for (;buf<=bufend;buf+=8,nline+=8){ buf[0] -= coeff*nline[0]; @@ -8268,7 +8268,7 @@ namespace giac { } #else int C=col+1; - longlong * ptr= &buffer[C],*ptrend=&buffer[cmax]-4; + longlong * ptr= &buffer[C],*ptrend=&buffer[cmax-1]-3; const int *ptrN=&Nline[C]; for (;ptr