View Issue Details

IDProjectCategoryView StatusLast Update
0024081CommunityOCCT:Modeling Datapublic2013-12-19 13:57
ReporterRoman Lygin Assigned Tobugmaster  
PrioritynormalSeveritycrash 
Status closedResolutionfixed 
PlatformWindowsOSVC++ 2010 
Product Version6.6.0 
Target Version6.7.0Fixed in Version6.7.0 
Summary0024081: Memory corruption when projecting point on surface of revolution
DescriptionExtrema_ExtPRevS allocates buffer for up to 6 solutions.

Problem 1 (see case 1 in reproducer):
Internally the class uses indexing with start index of 1 (not 0). Thus, in the case of 6 solutions it corrupts the memory with the last (6-th solution). Similar old issue in Extrema_ExtPExtS (and likely _ExtPElC and alike - which uses preallocated buffer) had been fixed to internally use 0-based indexing.

The application behavior depends on the compiler/mode - for instance, on Windows I only caught the issue in vc10 32 bit / release. Debug mode and vc10 64 bit (debug & release) gracefully processed this case.

Problem 2 (see case 2 in reproducer):
Analytical cases can produce at least 8 solutions - see case 2. In this case, memory is corrupted more severely.


Fixes and recommendations:
1. The fix which I will commit will provide an allocation for up to 8 solutions and will use 0-based indexing.
2. OCC team should review this and other classes in Extrema which implement particular cases which use preallocated buffers to double-check if analytical combinations cannot really exceed currently allocated numbers.
3. OCC team should change the WOK generation of Visual Studio projects to add /RTC1 option for debug configuration. This is a default option in own Visual Studio-generated project files - see Properties/ C/C++ / Code Generation / Basic Runtime checks. With this configuration this issue would have been caught much earlier.
Steps To Reproducecase 1 - 6 solutions
ellipse e 10 0 0 0 -1 0 0 0 1 5 2
revsurf s e 0 0 0 0 0 1
proj s 7.9 0 0

case 2 - 8 solutions
ellipse e 2.1 0 0 0 -1 0 0 0 1 5 2
revsurf s e 0 0 0 0 0 1
proj s 0.01 0 0
TagsNo tags attached.
Test case numberbugs moddata_3(013) bug24081_1, bug24081_2

Activities

Roman Lygin

2013-07-27 23:12

developer   ~0025179

The fix pushed into the git repository

ifv

2013-08-12 16:01

developer   ~0025285

Ok

mkv

2013-08-13 14:47

tester   ~0025293

Dear BugMaster,

Branch CR24081 (and products from GIT master) was compiled on Linux and Windows platforms and tested.
SHA-1: 283a05633ce23e128f571e8385fe94f8e800a002

Number of compiler warnings:

occt component :
Linux: 918 (917 on master)
Windows: 855 (855 on master)

products component :
Linux: 189 (188 on master)
Windows: 287 (287 on master)

Regressions:
No regressions

Improvements:
No improvements

Testing cases:
bugs moddata_3(013) bug24081_1, bug24081_2 - OK.

Testing on Linux:
Total MEMORY difference: 362766592 / 363283144
Total CPU difference: 47818.300000000665 / 49186.1200000005

Testing on Windows:
Total MEMORY difference: 424854808 / 424539736
Total CPU difference: 37134.421875 / 33046.328125

There are not differences in images found by testdiff.

Related Changesets

occt: master 6f94f1df

2013-08-15 11:55:13

Roman Lygin


Committer: bugmaster Details Diff
0024081: Memory corruption when projecting point on surface of revolution
Adding test cases for issue CR24081
Affected Issues
0024081
mod - src/Extrema/Extrema_ExtPRevS.cdl Diff File
mod - src/Extrema/Extrema_ExtPRevS.cxx Diff File
add - tests/bugs/moddata_3/bug24081_1 Diff File
add - tests/bugs/moddata_3/bug24081_2 Diff File

Issue History

Date Modified Username Field Change
2013-07-21 20:29 Roman Lygin New Issue
2013-07-21 20:29 Roman Lygin Assigned To => ifv
2013-07-27 23:12 Roman Lygin Note Added: 0025179
2013-07-27 23:12 Roman Lygin Status new => resolved
2013-08-12 16:01 ifv Note Added: 0025285
2013-08-12 16:01 ifv Status resolved => reviewed
2013-08-12 18:26 mkv Assigned To ifv => mkv
2013-08-13 14:47 mkv Note Added: 0025293
2013-08-13 14:48 mkv Test case number => bugs moddata_3(013) bug24081_1, bug24081_2
2013-08-13 14:48 mkv Assigned To mkv => bugmaster
2013-08-13 14:48 mkv Status reviewed => tested
2013-08-17 12:50 bugmaster Changeset attached => occt master 6f94f1df
2013-08-17 12:50 bugmaster Status tested => verified
2013-08-17 12:50 bugmaster Resolution open => fixed
2013-08-21 14:47 bugmaster Target Version => 6.7.0
2013-12-19 13:52 bugmaster Status verified => closed
2013-12-19 13:57 bugmaster Fixed in Version => 6.7.0