0026605: Possible array out of bounds read in Extrema_GExtPC.gxx

ID	Project	Category	View Status	Date Submitted	Last Update

0026605	Open CASCADE	OCCT:Modeling Algorithms	public	2015-08-26 17:05	2015-10-23 20:50

Reporter	~~abv~~	Assigned To	bugmaster
Priority	normal	Severity	minor
Status	closed	Resolution	fixed
Platform	Windows	OS	VC++ 2010
Product Version	6.9.1
Target Version	6.9.1	Fixed in Version	6.9.1

Summary	0026605: Possible array out of bounds read in Extrema_GExtPC.gxx
Description	The fix made for #26351 introduced a new code in Extrema_GExtPC.gxx that is not protected against situation when aFirstUsedKnot == aLastUsedKnot (which may happen due to periodic adjustment). This seems to be partially fixed in 0026468, and one more correction is done in #21564 (to avoid incorrect adjustment). Anyway the code remains not protected against situation if aFirstUsedKnot == aLastUsedKnot: no check is done. The problem is detected during preparation of OCCT 6.9.1 release, in the branch containing fixes for #26351 and 0026468, but not #21564. It caused hangs on two test cases (listed below) in Release mode, if executed in parallel by testgrid command, and OutOfRange exception in Debug mode.
Steps To Reproduce	blend buildevol K6 blend simple U5
Tags	No tags attached.

Test case number	blend buildevol K6, simple U5

git 2015-08-26 17:08 administrator ~0044680	Branch CR26605 has been created by abv. SHA-1: 14eadc4b5ee6f30b5a42c2da3c030275cdbf6eae Detailed log of new commits: Author: abv Date: Wed Aug 26 17:07:30 2015 +0300 0026605: Possible array out of bounds read in Extrema_GExtPC.gxx Extract of correction made in #21564; assert added.

~~aml~~ 2015-08-26 18:22 developer ~0044683	aFirstUsedKnot == aLastUsedKnot situation may happen in blend algorithm, where right border of computation space is lower than left border of curve parameter space.

~~msv~~ 2015-08-26 19:56 developer ~0044690	I would prefer treating this case instead of raising exception. Alexander, please take care of this.

~~abv~~ 2015-08-26 20:27 manager ~0044691	Mikhail, for the moment I have added assert at that place (generating exception), assuming that this situation should never happen. I encourage everybody to use asserts in the code to ensure that assumptions on which algorithms are based are valid. For information: my assert has failed on test bugs modalg_5 bug24809. Running that test in debug mode on master, I got out-of-range exception -- just the same as in blend tests where bug has been detected. This proves that the problem is relevant not only for blend algorithms, neither it is specific to my branch.

~~msv~~ 2015-08-26 20:33 developer ~0044693	Inserting assert is just a temp workaround, and I would like Alexander to make proper treatment and to return a proper result in this particular case.

git 2015-08-27 08:28 administrator ~0044695	Branch CR26605 has been updated forcibly by abv. SHA-1: f35421fb44e1fbbd21b7a39100ced820394ebd6f

~~abv~~ 2015-08-27 08:30 manager ~0044696	I have changed assert behavior to do break instead of exception, thus test bugs modalg_5 bug24809 now passes (but still causes debug break in Debug mode, due to assert). Mikhail, asserts should not be considered as workarounds, but as a way to verify assumptions in your code, and to protect against unintentional errors and unpredicted situations. I believe we shall discuss that.

~~msv~~ 2015-08-27 12:06 developer ~0044714	Andrey, I agree with your statement in general. But in this particular case I believe we can do without assert.

git 2015-08-27 20:25 administrator ~0044768	Branch CR26605_1 has been created by aml. SHA-1: 1c0de62f5fe0e3da9254f44c9d43377cdec9dbd4 Detailed log of new commits: Author: aml Date: Thu Aug 27 20:24:12 2015 +0300 0026605: Possible array out of bounds read in Extrema_GExtPC.gxx Degenerated case fixed.

~~aml~~ 2015-08-27 20:26 developer ~0044769	Dear msv, Please check current state of branch CR26605_1.

git 2015-08-27 20:58 administrator ~0044772	Branch CR26605_1 has been updated forcibly by aml. SHA-1: c53b83bc28a3a9dda3416b5d40aa7511bf3268d5

~~aml~~ 2015-08-28 07:54 developer ~0044774 Last edited: 2015-08-28 07:55	bugs modalg_5 bug24809: trying to invoke extrema with parameters out of curve param space. ********* Dump of aC *********** BSplineCurve Degree 3, 7 Poles, 5 Knots Poles : 1 : 38427.19669, -5249.97975, 0.006730987775 2 : 38277.51715, -5249.97975, 0.006730987775 3 : 37907.44789, -5249.97975, 0.006730987775 4 : 37316.98893, -5249.97975, 0.006730987775 5 : 36733.32315, -5249.97975, 0.006730987775 6 : 36370.04707, -5249.97975, 0.006730987775 7 : 36227.1607, -5249.97975, 0.006730987776 Knots : 1 : 0.320841482 4 2 : 1 1 3 : 2 1 4 : 3 1 5 : 3.648335036 4 myuinf = 5.351... myusup = 8.679... Curve is not closed or periodic.

~~msv~~ 2015-08-28 13:07 developer ~0044793	Reviewed.

git 2015-08-28 15:29 administrator ~0044812	Branch CR26605_1 has been updated forcibly by mkv. SHA-1: 6c539b2b25f33c4b9673a79163cdc1781151708f

~~mkv~~ 2015-08-31 18:06 tester ~0044906	Dear BugMaster, Branch CR26605_1 was rebased on current master of occt git-repository. SHA-1: 6c539b2b25f33c4b9673a79163cdc1781151708f

~~mkv~~ 2015-08-31 18:06 tester ~0044907	Dear BugMaster, Branch CR26605_1 from occt git-repository (and master from products git-repository) was compiled on Linux, MacOS and Windows platforms and tested on Release mode. SHA-1: 6c539b2b25f33c4b9673a79163cdc1781151708f Number of compiler warnings: occt component : Linux: 15 (15 on master) Windows: 0 (0 on master) products component : Linux: 39 (39 on master) Windows: 0 (0 on master) Regressions/Differences/Improvements: No regressions/differences Testing cases: http://occt-tests/CR26605-1-master-occt-64/Debian70-64/blend/buildevol/K6.html http://occt-tests/CR26605-1-master-occt-64/Windows-64-VC10/blend/buildevol/K6.html blend buildevol K6: OK http://occt-tests/CR26605-1-master-occt-64/Debian70-64/blend/simple/U5.html http://occt-tests/CR26605-1-master-occt-64/Windows-64-VC10/blend/simple/U5.html blend simple U5: OK Testing on Linux: occt component : Total MEMORY difference: 91984024 / 91195163 [+0.87%] Total CPU difference: 17817.849999999056 / 17162.289999999382 [+3.82%] products component : Total MEMORY difference: 25218947 / 25226546 [-0.03%] Total CPU difference: 7131.310000000012 / 7039.5099999999975 [+1.30%] Testing on Windows: occt component : Total MEMORY difference: 57096973 / 57088045 [+0.02%] Total CPU difference: 16547.50967309906 / 16439.697381998914 [+0.66%] products component : Total MEMORY difference: 16223029 / 16222282 [+0.00%] Total CPU difference: 5420.00514339997 / 5332.831784599964 [+1.63%] There are no differences in images found by testdiff.

git 2015-10-16 16:37 administrator ~0047002	Branch CR26605 has been deleted by kgv. SHA-1: f35421fb44e1fbbd21b7a39100ced820394ebd6f

git 2015-10-16 16:37 administrator ~0047003	Branch CR26605_1 has been deleted by kgv. SHA-1: 6c539b2b25f33c4b9673a79163cdc1781151708f

Date Modified	Username	Field	Change
2015-08-26 17:05	~~abv~~	New Issue
2015-08-26 17:05	~~abv~~	Assigned To	=> msv
2015-08-26 17:08	git	Note Added: 0044680
2015-08-26 18:22	~~aml~~	Note Added: 0044683
2015-08-26 19:56	~~msv~~	Note Added: 0044690
2015-08-26 19:56	~~msv~~	Assigned To	msv => aml
2015-08-26 19:56	~~msv~~	Status	new => assigned
2015-08-26 20:27	~~abv~~	Note Added: 0044691
2015-08-26 20:33	~~msv~~	Note Added: 0044693
2015-08-27 08:28	git	Note Added: 0044695
2015-08-27 08:30	~~abv~~	Note Added: 0044696
2015-08-27 12:06	~~msv~~	Note Added: 0044714
2015-08-27 20:25	git	Note Added: 0044768
2015-08-27 20:26	~~aml~~	Note Added: 0044769
2015-08-27 20:26	~~aml~~	Assigned To	aml => msv
2015-08-27 20:26	~~aml~~	Status	assigned => resolved
2015-08-27 20:58	git	Note Added: 0044772
2015-08-28 07:54	~~aml~~	Note Added: 0044774
2015-08-28 07:55	~~aml~~	Note Edited: 0044774
2015-08-28 13:07	~~msv~~	Note Added: 0044793
2015-08-28 13:07	~~msv~~	Assigned To	msv => bugmaster
2015-08-28 13:07	~~msv~~	Status	resolved => reviewed
2015-08-28 14:42	~~mkv~~	Assigned To	bugmaster => mkv
2015-08-28 15:29	git	Note Added: 0044812
2015-08-31 18:06	~~mkv~~	Note Added: 0044906
2015-08-31 18:06	~~mkv~~	Note Added: 0044907
2015-08-31 18:06	~~mkv~~	Assigned To	mkv => bugmaster
2015-08-31 18:06	~~mkv~~	Status	reviewed => tested
2015-08-31 18:07	~~mkv~~	Test case number	=> blend buildevol K6, simple U5
2015-09-04 13:02	bugmaster	Changeset attached	=> occt master 1581d651
2015-09-04 13:02	bugmaster	Status	tested => verified
2015-09-04 13:02	bugmaster	Resolution	open => fixed
2015-09-16 15:23	~~aml~~	Relationship added	related to 0026468
2015-10-16 14:55	~~aiv~~	Status	verified => closed
2015-10-16 16:37	git	Note Added: 0047002
2015-10-16 16:37	git	Note Added: 0047003
2015-10-23 20:50	~~aiv~~	Fixed in Version	=> 6.9.1

occt: master 1581d651 2015-08-27 17:24:12 ~~aml~~ Committer: bugmaster Details Diff	0026605: Possible array out of bounds read in Extrema_GExtPC.gxx Degenerated case fixed.		Affected Issues 0026605
	mod - src/Extrema/Extrema_GExtPC.gxx		Diff File

View Issue Details

Relationships

Activities

Related Changesets

Issue History