Subject: [Boost-bugs] [Boost C++ Libraries] #13127: out of bound memory access in integer_sort
From: Boost C++ Libraries (noreply_at_[hidden])
Date: 2017-07-17 05:26:37
#13127: out of bound memory access in integer_sort
----------------------------------+-----------------------------
Reporter: Jie HE <jie.he.cn@…> | Owner: Paul A. Bristow
Type: Bugs | Status: new
Milestone: To Be Determined | Component: sort
Version: Boost 1.64.0 | Severity: Problem
Keywords: |
----------------------------------+-----------------------------
I called integer_sort() to sort a data array, found a oob access, and
crashed.
check the code, found it occurs in inner_swap_loop. the code is like the
following:
target_bin = bins + (rshift(*current, log_divisor) - div_min)
but in the previous code, function spreadsort_rec().
the bin count is calculated by the code with a cast (unsigned):
unsigned bin_count = unsigned(div_max - div_min) + 1;
and the next place in spreadsort_rec()
for (RandomAccessIter current = first; current != last;)
bin_sizes[unsigned(rshift(*(current++), log_divisor) - div_min)]++;
so that, I thought there is a missing cast (unsigned) in
inner_swap_loop().
-- Ticket URL: <https://svn.boost.org/trac10/boost/ticket/13127> Boost C++ Libraries <http://www.boost.org/> Boost provides free peer-reviewed portable C++ source libraries.
This archive was generated by hypermail 2.1.7 : 2017-07-17 05:30:11 UTC