NULL pointer dereference in CoinMpsIO::rowName #97

Open
svigerske opened this issue Mar 3, 2019 · 2 comments

@svigerske
Member

Issue created by migration from Trac.

Original creator: gy741.kim

Original creation time: 2018-01-02 07:22:48

Assignee: @tkralphs

Hello.

I found a NULL pointer dereference in cbc.

Please confirm.

Thanks.

Summary: NULL pointer dereference

OS: CentOS 7 64bit

Version: Trunk (unstable)

PoC Download: https://github.com/gy741/PoC/raw/master/Null_CoinMpsIO_rowName

Steps to reproduce:
1. Download the .POC files.
2. Compile the source code with ASan.
3. Execute the following command: ./cbc $POC

ASAN:SIGSEGV
=================================================================
==20322==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f3612a0441d bp 0x7ffc1b7494f0 sp 0x7ffc1b748e90 T0)
    #0 0x7f3612a0441c in CoinMpsIO::rowName(int) const /home/karas/Cbc/CoinUtils/src/CoinMpsIO.cpp:5168:12
    #1 0x7f3614a2dff7 in OsiClpSolverInterface::readMps(char const*, bool, bool) /home/karas/Cbc/Clp/src/OsiClp/OsiClpSolverInterface.cpp:5828:22
    #2 0x7f3615a51a86 in CbcMain1(int, char const**, CbcModel&, int (*)(CbcModel*, int), CbcSolverUsefulData&) /home/karas/Cbc/Cbc/src/CbcSolver.cpp:7955:42
    #3 0x4dcfd2 in main /home/karas/Cbc/Cbc/src/CoinSolve.cpp:350:22
    #4 0x7f360f8bf82f in __libc_start_main /build/glibc-bfm8X4/glibc-2.23/csu/../csu/libc-start.c:291
    #5 0x435a18 in _start (/home/karas/Cbc/qq/bin/cbc+0x435a18)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home//karas/Cbc/CoinUtils/src/CoinMpsIO.cpp:5168 CoinMpsIO::rowName(int) const
==20322==ABORTING

==========

[Acknowledgement]

This work was supported by ICT R&D program of MSIP/IITP. [R7518-16-1001, Innovation hub for high Performance Computing]

@svigerske
Member Author

Attachment Null_CoinMpsIO_rowName by gy741.kim created at 2018-01-02 07:23:00

PoC

@svigerske
Member Author

With current Cbc/master and assertions enabled, I get

Welcome to the CBC MILP Solver 
Version: Trunk (unstable) 
Build Date: Mar 12 2019 
Revision Number: 2526 

command line - ./bin/cbc Null_CoinMpsIO_rowName (default strategy 1)
At line 1 SOS
cbc: ../../../CoinUtils/src/CoinMpsIO.cpp:2686: int CoinMpsIO::readMps(int&, CoinSet**&): Assertion `i == j' failed.

@svigerske svigerske transferred this issue from coin-or/Cbc Mar 13, 2019