octave-bug-tracker

[Octave-bug-tracker] [bug #56862] [octave forge] (interval) UB in crlibm


From: anonymous
Subject: [Octave-bug-tracker] [bug #56862] [octave forge] (interval) UB in crlibm found by cppcheck
Date: Fri, 6 Sep 2019 03:27:11 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0

URL:
  <https://savannah.gnu.org/bugs/?56862>

                 Summary: [octave forge] (interval) UB in crlibm found by
cppcheck
                 Project: GNU Octave
            Submitted by: None
            Submitted on: Fri 06 Sep 2019 07:27:09 AM UTC
                Category: Octave Forge Package
                Severity: 3 - Normal
                Priority: 5 - Normal
              Item Group: Segfault, Bus Error, etc.
                  Status: None
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
                 Release: other
        Operating System: Any

    _______________________________________________________

Details:

libcrm as found in octave-interval 3.2.0 has various uninitialized variables,
out-of-bounds dereferences, and other issues. These were found by cppcheck, a
linter and static analysis tool for C and C++.

However, upstream [1] doesn't have a bugtracker, and the last bugfix is from
2011, so is this the right place to report?

src/crlibm/log1p.c:424:7: error: Uninitialized variable: E [uninitvar]
src/crlibm/log1p.c:712:7: error: Uninitialized variable: E [uninitvar]
src/crlibm/log1p.c:999:7: error: Uninitialized variable: E [uninitvar]
src/crlibm/log1p.c:1286:7: error: Uninitialized variable: E [uninitvar]
E is only initialized in "else" branches.

src/crlibm/scs_lib/addition_scs.c:108:19: style: Array index 'k' is used
before limits check. [arrayIndexThenCheck]
src/crlibm/scs_lib/addition_scs.c:493:18: style: Array index 'i' is used
before limits check. [arrayIndexThenCheck]
src/crlibm/scs_lib/addition_scs.c:542:16: style: Array index 'i' is used
before limits check. [arrayIndexThenCheck]
Dereferencing an array past the last item is undefined behavior.

There are other warnings, e.g. "Shifting a negative value is technically
undefined behaviour", but I didn't check them.

[1]: https://gforge.inria.fr/scm/browser.php?group_id=5929&extra=crlibm




    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?56862>

_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/
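
Added example, not part of the original report and not code from crlibm: a constructed C sketch of the two cppcheck findings named above (arrayIndexThenCheck and uninitvar), each beside a corrected form. All function and variable names are hypothetical.

```c
#include <stddef.h>

/* Constructed illustration; none of this is crlibm source. */

/* arrayIndexThenCheck: digits[i] is read before i is compared with n,
 * so an all-zero array makes the loop read digits[n], one past the end. */
size_t first_nonzero_flagged(const unsigned *digits, size_t n)
{
    size_t i = 0;
    while (digits[i] == 0 && i < n)   /* index used, then checked */
        i++;
    return i;
}

/* Corrected: the bounds test comes first and && short-circuits,
 * so digits[i] is never evaluated when i == n. */
size_t first_nonzero_checked(const unsigned *digits, size_t n)
{
    size_t i = 0;
    while (i < n && digits[i] == 0)
        i++;
    return i;
}

/* uninitvar: e is assigned only on the else path but read on both. */
unsigned split_flagged(unsigned x, int small)
{
    unsigned e, r;
    if (small) {
        r = x;
    } else {
        e = x >> 4;
        r = x & 15u;
    }
    return r + e;   /* indeterminate value of e when small != 0 */
}

/* Corrected: e has a defined value on every path before it is read. */
unsigned split_fixed(unsigned x, int small)
{
    unsigned e = 0, r;
    if (small) {
        r = x;
    } else {
        e = x >> 4;
        r = x & 15u;
    }
    return r + e;
}
```

The flagged variants may appear to work in testing; the defect shows only on the all-zero input or on the branch that skips the assignment, which is why a static analyser reports them.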



