MantisBT
Mantis Bug Tracker Workflow

View Issue Details
ID: 0028327
Project: Community
Category: [OCCT] OCCT:Modeling Data
View Status: public
Date Submitted: 2016-12-29 20:36
Last Update: 2017-03-20 14:36
Reporter: Istvan Csanady
Assigned To: apn
Priority: normal
Severity: crash
Status: verified
Resolution: fixed
Platform:
OS:
OS Version:
Product Version:
Target Version: [OCCT] 7.2.0*
Fixed in Version:
Summary: 0028327: BSplCLib can cause memory corruption in degenerated cases
Description: Some methods of BSplCLib are directly using the memory address of the knots array. This can lead to reading invalid memory addresses and/or crashes. If the indexing operator would be used instead, this would just simply lead to throwing an exception instead of reading memory garbage. I am pretty sure that on a modern C++ compiler this would not lead to performance fallback (at least it did not in our case), but indeed it needs more investigation.
Patch is attached.
Steps To Reproduce: Not available
Tags: No tags attached.
Test case number: Not needed
Attached Files: use_index_operator.diff (1,418 bytes) 2016-12-29 20:36

- Relationships

-  Notes
(0063280)
msv (developer)
2017-02-01 11:32

Istvan, do you have a test case for which BSplCLib::KnotForm goes out of array bounds?
(0063281)
msv (developer)
2017-02-01 11:44

I see the similar code for BSplCLib::MultForm, near the line 640.
(0063303)
Istvan Csanady (developer)
2017-02-01 16:33

One of our users was trying to import an IGS file, and it always crashed for him. We figured out from the crash logs that this was the problem, but we did not have access to the IGS file.
(0063310)
git (administrator)
2017-02-01 17:16

Branch CR28327 has been created by msv.

SHA-1: 511348a5de706af9b501b7c793cb09d40636d599


Detailed log of new commits:

Author: msv
Date: Wed Feb 1 11:35:50 2017 +0300

    0028327: BSplCLib can cause memory corruption in degenerated cases
    
    The code of the methods BSplCLib::KnotForm and BSplCLib::MultForm has been made safe by giving up using of address of array item for iteration on the Array1. Also the checking for degenerated case has been added to prevent out of bounds exception.
(0063311)
msv (developer)
2017-02-01 17:17

Please test.
(0063390)
apv (tester)
2017-02-03 13:53

Dear BugMaster,

Branch CR28327 from occt git-repository (and master from products git-repository) was compiled on Linux, MacOS and Windows platforms and tested.
SHA-1: 511348a5de706af9b501b7c793cb09d40636d599

Number of compiler warnings:
occt component:
   Linux: 0 (0 on master)
   Windows: 0 (0 on master)
   MacOS: 0 (0 on master)
products component:
   Linux: 63
   Windows: 0
   MacOS: 1146

Regressions/Differences:
Not detected

Testing cases:
Not needed

Testing on Linux:
Total MEMORY difference: 92389727 / 92303976 [+0.09%]
Total CPU difference: 19771.190000000177 / 19914.260000000217 [-0.72%]

Testing on Windows:
Total MEMORY difference: 57618548 / 57618048 [+0.00%]
Total CPU difference: 18559.04896749855 / 18683.178963198647 [-0.66%]
(0064510)
git (administrator)
2017-03-20 14:36

Branch CR28327 has been deleted by inv.

SHA-1: 511348a5de706af9b501b7c793cb09d40636d599

- Related Changesets
occt: master c13de402
Timestamp: 2017-02-01 08:35:50
Author: msv
Committer: apn
0028327: BSplCLib can cause memory corruption in degenerated cases

The code of the methods BSplCLib::KnotForm and BSplCLib::MultForm has been made safe by giving up using of address of array item for iteration on the Array1. Also the checking for degenerated case has been added to prevent out of bounds exception.
mod - src/BSplCLib/BSplCLib.cxx
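
The failure mode described in the report and in the commit message above, as an added C++ example that is not OCCT code and not the attached patch: `CheckedArray1`, `ClassifySpacing` and `OverrunIsReported` are hypothetical stand-ins, and the knot values are constructed. It iterates by checked index, so an overrun throws instead of reading adjacent memory, and a range with fewer than two knots is rejected before any element is touched.

```cpp
#include <stdexcept>
#include <utility>
#include <vector>

// Hypothetical stand-in for a range-checked array with a custom lower index.
class CheckedArray1 {
public:
  CheckedArray1(int lower, std::vector<double> values)
      : myLower(lower), myValues(std::move(values)) {}
  int Lower() const { return myLower; }
  int Upper() const { return myLower + static_cast<int>(myValues.size()) - 1; }
  // Checked access: a bad index throws instead of reading adjacent memory.
  double operator()(int i) const {
    if (i < Lower() || i > Upper()) throw std::out_of_range("knot index");
    return myValues[i - myLower];
  }
private:
  int myLower;
  std::vector<double> myValues;
};

enum class KnotSpacing { Degenerate, Uniform, NonUniform };

// Simplified classifier over knots [fromK, toK], iterating by index only.
KnotSpacing ClassifySpacing(const CheckedArray1& knots, int fromK, int toK) {
  // Degenerate guard: fewer than two knots leaves no interval to measure.
  if (toK - fromK < 1) return KnotSpacing::Degenerate;
  const double eps = 1e-12;
  const double first = knots(fromK + 1) - knots(fromK);
  for (int i = fromK + 1; i < toK; ++i) {
    const double step = knots(i + 1) - knots(i);
    if (step - first > eps || first - step > eps) return KnotSpacing::NonUniform;
  }
  return KnotSpacing::Uniform;
}

// True when a range overrunning the array surfaces as an exception.
bool OverrunIsReported(const CheckedArray1& knots) {
  try {
    ClassifySpacing(knots, knots.Lower(), knots.Upper() + 1);
  } catch (const std::out_of_range&) {
    return true;
  }
  return false;
}

int main() {
  CheckedArray1 knots(1, {0.0, 1.0, 2.0});  // constructed sample knots
  return OverrunIsReported(knots) ? 0 : 1;
}
```

With raw pointer iteration the same overrunning range would read whatever follows the array; here it is a catchable `std::out_of_range`.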

- Issue History
Date Modified Username Field Change
2016-12-29 20:36 Istvan Csanady New Issue
2016-12-29 20:36 Istvan Csanady Assigned To => msv
2016-12-29 20:36 Istvan Csanady File Added: use_index_operator.diff
2017-02-01 11:32 msv Note Added: 0063280
2017-02-01 11:32 msv Assigned To msv => Istvan Csanady
2017-02-01 11:32 msv Status new => feedback
2017-02-01 11:44 msv Note Added: 0063281
2017-02-01 16:33 Istvan Csanady Note Added: 0063303
2017-02-01 17:16 git Note Added: 0063310
2017-02-01 17:17 msv Assigned To Istvan Csanady => msv
2017-02-01 17:17 msv Status feedback => resolved
2017-02-01 17:17 msv Steps to Reproduce Updated
2017-02-01 17:17 msv Note Added: 0063311
2017-02-01 17:17 msv Assigned To msv => bugmaster
2017-02-01 17:17 msv Status resolved => reviewed
2017-02-01 17:23 apv Assigned To bugmaster => apv
2017-02-01 18:37 apv Test case number => Not needed
2017-02-03 13:53 apv Note Added: 0063390
2017-02-03 13:53 apv Assigned To apv => bugmaster
2017-02-03 13:53 apv Status reviewed => tested
2017-02-10 14:33 apn Changeset attached => occt master c13de402
2017-02-10 14:33 apn Assigned To bugmaster => apn
2017-02-10 14:33 apn Status tested => verified
2017-02-10 14:33 apn Resolution open => fixed
2017-03-20 14:36 git Note Added: 0064510

