MantisBT
Mantis Bug Tracker Workflow

View Issue Details Jump to Notes ] Related Changesets ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0026605Open CASCADE[OCCT] OCCT:Modeling Algorithmspublic2015-08-26 17:052015-10-23 20:50
Reporterabv 
Assigned Tobugmaster 
PrioritynormalSeverityminor 
StatusclosedResolutionfixed 
PlatformWindowsOSVC++ 2010OS Version64 bit
Product Version[OCCT] 6.9.1 
Target Version[OCCT] 6.9.1Fixed in Version[OCCT] 6.9.1 
Summary0026605: Possible array out of bounds read in Extrema_GExtPC.gxx
DescriptionThe fix made for #26351 introduced a new code in Extrema_GExtPC.gxx that is not protected against situation when aFirstUsedKnot == aLastUsedKnot (which may happen due to periodic adjustment). This seems to be partially fixed in 0026468, and one more correction is done in #21564 (to avoid incorrect adjustment).

Anyway the code remains not protected against situation if aFirstUsedKnot == aLastUsedKnot: no check is done.

The problem is detected during preparation of OCCT 6.9.1 release, in the branch containing fixes for #26351 and 0026468, but not #21564. It caused hangs on two test cases (listed below) in Release mode, if executed in parallel by testgrid command, and OutOfRange exception in Debug mode.
Steps To Reproduceblend buildevol K6
blend simple U5

TagsNo tags attached.
Test case numberblend buildevol K6, simple U5
Attached Files

- Relationships
related to 0026468closedbugmaster Open CASCADE Out of range exception on current master 

-  Notes
(0044680)
git (administrator)
2015-08-26 17:08

Branch CR26605 has been created by abv.

SHA-1: 14eadc4b5ee6f30b5a42c2da3c030275cdbf6eae


Detailed log of new commits:

Author: abv
Date: Wed Aug 26 17:07:30 2015 +0300

    0026605: Possible array out of bounds read in Extrema_GExtPC.gxx
    
    Extract of correction made in #21564; assert added.
(0044683)
aml (developer)
2015-08-26 18:22

aFirstUsedKnot == aLastUsedKnot situation may happen in blend algorithm, where right border of computation space is lower than left border of curve parameter space.
(0044690)
msv (developer)
2015-08-26 19:56

I would prefer treating this case instead of raising exception.
Alexander, please take care of this.
(0044691)
abv (manager)
2015-08-26 20:27

Mikhail, for the moment I have added assert at that place (generating exception), assuming that this situation should never happen. I encourage everybody to use asserts in the code to ensure that assumptions on which algorithms are based are valid.

For information: my assert has failed on test bugs modalg_5 bug24809. Running that test in debug mode on master, I got out-of-range exception -- just the same as in blend tests where bug has been detected. This proves that the problem is relevant not only for blend algorithms, neither it is specific to my branch.
(0044693)
msv (developer)
2015-08-26 20:33

Inserting assert is just a temp workaround, and I would like Alexander to make proper treatment and to return a proper result in this particular case.
(0044695)
git (administrator)
2015-08-27 08:28

Branch CR26605 has been updated forcibly by abv.

SHA-1: f35421fb44e1fbbd21b7a39100ced820394ebd6f
(0044696)
abv (manager)
2015-08-27 08:30

I have changed assert behavior to do break instead of exception, thus test bugs modalg_5 bug24809 now passes (but still causes debug break in Debug mode, due to assert).

Mikhail, asserts should not be considered as workarounds, but as a way to verify assumptions in your code, and to protect against unintentional errors and unpredicted situations. I believe we shall discuss that.
(0044714)
msv (developer)
2015-08-27 12:06

Andrey, I agree with your statement in general. But in this particular case I believe we can do without assert.
(0044768)
git (administrator)
2015-08-27 20:25

Branch CR26605_1 has been created by aml.

SHA-1: 1c0de62f5fe0e3da9254f44c9d43377cdec9dbd4


Detailed log of new commits:

Author: aml
Date: Thu Aug 27 20:24:12 2015 +0300

    0026605: Possible array out of bounds read in Extrema_GExtPC.gxx
    
    Degenerated case fixed.
(0044769)
aml (developer)
2015-08-27 20:26

Dear msv,

Please check current state of branch CR26605_1.
(0044772)
git (administrator)
2015-08-27 20:58

Branch CR26605_1 has been updated forcibly by aml.

SHA-1: c53b83bc28a3a9dda3416b5d40aa7511bf3268d5
(0044774)
aml (developer)
2015-08-28 07:54
edited on: 2015-08-28 07:55

bugs modalg_5 bug24809:

trying to invoke extrema with parameters out of curve param space.

*********** Dump of aC *************
BSplineCurve
  Degree 3, 7 Poles, 5 Knots
Poles :

   1 : 38427.19669, -5249.97975, 0.006730987775
   2 : 38277.51715, -5249.97975, 0.006730987775
   3 : 37907.44789, -5249.97975, 0.006730987775
   4 : 37316.98893, -5249.97975, 0.006730987775
   5 : 36733.32315, -5249.97975, 0.006730987775
   6 : 36370.04707, -5249.97975, 0.006730987775
   7 : 36227.1607, -5249.97975, 0.006730987776
Knots :

   1 : 0.320841482 4
   2 : 1 1
   3 : 2 1
   4 : 3 1
   5 : 3.648335036 4

myuinf = 5.351...
myusup = 8.679...

Curve is not closed or periodic.

(0044793)
msv (developer)
2015-08-28 13:07

Reviewed.
(0044812)
git (administrator)
2015-08-28 15:29

Branch CR26605_1 has been updated forcibly by mkv.

SHA-1: 6c539b2b25f33c4b9673a79163cdc1781151708f
(0044906)
mkv (tester)
2015-08-31 18:06

Dear BugMaster,
Branch CR26605_1 was rebased on current master of occt git-repository.
SHA-1: 6c539b2b25f33c4b9673a79163cdc1781151708f
(0044907)
mkv (tester)
2015-08-31 18:06

Dear BugMaster,
Branch CR26605_1 from occt git-repository (and master from products git-repository) was compiled on Linux, MacOS and Windows platforms and tested on Release mode.
SHA-1: 6c539b2b25f33c4b9673a79163cdc1781151708f

Number of compiler warnings:

occt component :
Linux: 15 (15 on master)
Windows: 0 (0 on master)

products component :
Linux: 39 (39 on master)
Windows: 0 (0 on master)

Regressions/Differences/Improvements:
No regressions/differences

Testing cases:
http://occt-tests/CR26605-1-master-occt-64/Debian70-64/blend/buildevol/K6.html [^]
http://occt-tests/CR26605-1-master-occt-64/Windows-64-VC10/blend/buildevol/K6.html [^]
blend buildevol K6: OK
http://occt-tests/CR26605-1-master-occt-64/Debian70-64/blend/simple/U5.html [^]
http://occt-tests/CR26605-1-master-occt-64/Windows-64-VC10/blend/simple/U5.html [^]
blend simple U5: OK

Testing on Linux:
occt component :
Total MEMORY difference: 91984024 / 91195163 [+0.87%]
Total CPU difference: 17817.849999999056 / 17162.289999999382 [+3.82%]
products component :
Total MEMORY difference: 25218947 / 25226546 [-0.03%]
Total CPU difference: 7131.310000000012 / 7039.5099999999975 [+1.30%]

Testing on Windows:
occt component :
Total MEMORY difference: 57096973 / 57088045 [+0.02%]
Total CPU difference: 16547.50967309906 / 16439.697381998914 [+0.66%]
products component :
Total MEMORY difference: 16223029 / 16222282 [+0.00%]
Total CPU difference: 5420.00514339997 / 5332.831784599964 [+1.63%]

There are no differences in images found by testdiff.
(0047002)
git (administrator)
2015-10-16 16:37

Branch CR26605 has been deleted by kgv.

SHA-1: f35421fb44e1fbbd21b7a39100ced820394ebd6f
(0047003)
git (administrator)
2015-10-16 16:37

Branch CR26605_1 has been deleted by kgv.

SHA-1: 6c539b2b25f33c4b9673a79163cdc1781151708f

- Related Changesets
occt: master 1581d651
Timestamp: 2015-08-27 17:24:12
Author: aml
Committer: bugmaster
Details ] Diff ]
0026605: Possible array out of bounds read in Extrema_GExtPC.gxx

Degenerated case fixed.
mod - src/Extrema/Extrema_GExtPC.gxx Diff ] File ]

- Issue History
Date Modified Username Field Change
2015-08-26 17:05 abv New Issue
2015-08-26 17:05 abv Assigned To => msv
2015-08-26 17:08 git Note Added: 0044680
2015-08-26 18:22 aml Note Added: 0044683
2015-08-26 19:56 msv Note Added: 0044690
2015-08-26 19:56 msv Assigned To msv => aml
2015-08-26 19:56 msv Status new => assigned
2015-08-26 20:27 abv Note Added: 0044691
2015-08-26 20:33 msv Note Added: 0044693
2015-08-27 08:28 git Note Added: 0044695
2015-08-27 08:30 abv Note Added: 0044696
2015-08-27 12:06 msv Note Added: 0044714
2015-08-27 20:25 git Note Added: 0044768
2015-08-27 20:26 aml Note Added: 0044769
2015-08-27 20:26 aml Assigned To aml => msv
2015-08-27 20:26 aml Status assigned => resolved
2015-08-27 20:58 git Note Added: 0044772
2015-08-28 07:54 aml Note Added: 0044774
2015-08-28 07:55 aml Note Edited: 0044774 View Revisions
2015-08-28 13:07 msv Note Added: 0044793
2015-08-28 13:07 msv Assigned To msv => bugmaster
2015-08-28 13:07 msv Status resolved => reviewed
2015-08-28 14:42 mkv Assigned To bugmaster => mkv
2015-08-28 15:29 git Note Added: 0044812
2015-08-31 18:06 mkv Note Added: 0044906
2015-08-31 18:06 mkv Note Added: 0044907
2015-08-31 18:06 mkv Assigned To mkv => bugmaster
2015-08-31 18:06 mkv Status reviewed => tested
2015-08-31 18:07 mkv Test case number => blend buildevol K6, simple U5
2015-09-04 13:02 bugmaster Changeset attached => occt master 1581d651
2015-09-04 13:02 bugmaster Status tested => verified
2015-09-04 13:02 bugmaster Resolution open => fixed
2015-09-16 15:23 aml Relationship added related to 0026351
2015-09-16 15:23 aml Relationship added related to 0026468
2015-10-16 14:55 aiv Status verified => closed
2015-10-16 16:37 git Note Added: 0047002
2015-10-16 16:37 git Note Added: 0047003
2015-10-23 20:50 aiv Fixed in Version => 6.9.1


Copyright © 2000 - 2020 MantisBT Team
Powered by Mantis Bugtracker