Installation Method(s)
DEB package from official MDSplus repository
Describe the bug
Calling the TDI functions REPLICATE or SPREAD with scalar inputs can result in arrays with uninitialized bounds. This can then result in segmentation faults upon use of these arrays on certain systems.
To Reproduce
Build MDSplus without debug
Open tdic
Enter _aeps=replicate(0.05d0,0,5)
Output is an array with bounds (SET_RANGE) where bounds are uninitialized.
As this bug relies on uninitialized memory, the behaviour is not entirely predictable.
Some other options that might trigger this output are replicate(0.05d0,0,5) or _aeps=replicate(0.05d0,0,5),_aeps.
Be sure to try each option a few times (10 is usually enough).
With the erroneous answer, subscripting the array yields various incorrect answers.
A similar problem can be seen with the spread function.
Expected behavior
The return value should be a simple array.
Additional context
The source of the error seems to be the block starting at tdishr/TdiTrans.c#L296. There might be several problems:
The variable array_bounds arr is never initialized, in particular arr.aflags.bounds can be 0 or 1 depending on the initial memory state (when compiled with debug, the memory is probably always initialized to 0 and thus the problem is absent).
arr.m is filled even if arr.aflags.coeff is explicitly set to 0.
One possible fix is to initialize the variable arr with array_bounds arr={0}, but the conversion of scalar descriptors still seems dubious.
I also noticed that the behaviour of REPLICATE with arrays with bounds as inputs might not be well defined. At the moment we get the following:
whereas either a simple array or an error (such as invalid class) should be triggered.
Affiliation
SPC-EPFL
Version(s) Affected
Client Version: Stable 7.142.81, Alpha 7.148.1
Platform(s)
Ubuntu 24.04
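The initialization pattern described in the report, as an added example that is not MDSplus code: the struct below is a simplified, hypothetical stand-in for the descriptor (only the names array_bounds, aflags.coeff, aflags.bounds and m come from the report). The storage is poisoned with 0xFF before each builder runs, so the "uninitialized" case is deterministic and the difference between field-by-field assignment and `= {0}` can be asserted in a test.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for an array descriptor with bounds.
   Layout and field set are assumptions for illustration only. */
typedef struct {
    struct { unsigned coeff : 1; unsigned bounds : 1; } aflags;
    unsigned char dimct;
    unsigned int arsize;
    unsigned int m[1];             /* multipliers, meaningful only if coeff  */
    struct { int l, u; } bnd[1];   /* bounds, meaningful only if bounds flag */
} array_bounds;

/* Pattern of the bug: fields are assigned one by one on storage that was
   never initialized, so aflags.bounds keeps whatever was in memory. */
static void build_buggy(array_bounds *arr, unsigned n, unsigned elem_size) {
    arr->aflags.coeff = 0;
    arr->dimct = 1;
    arr->arsize = n * elem_size;
    arr->m[0] = n;                 /* filled although coeff == 0 */
}

/* Fix suggested in the report (array_bounds arr = {0}); m[] is left
   untouched because coeff is 0. */
static void build_fixed(array_bounds *arr, unsigned n, unsigned elem_size) {
    array_bounds clean = {0};
    clean.dimct = 1;
    clean.arsize = n * elem_size;
    *arr = clean;
}

/* Poison the storage first, run the builder, and return the bounds flag
   that a consumer of the descriptor would then see. */
static unsigned bounds_flag_after(void (*build)(array_bounds *, unsigned, unsigned)) {
    array_bounds arr;
    memset(&arr, 0xFF, sizeof arr);   /* simulate dirty stack memory */
    build(&arr, 5, sizeof(double));   /* 5 copies of one double */
    return arr.aflags.bounds;
}

int main(void) {
    printf("buggy: bounds=%u\n", bounds_flag_after(build_buggy));
    printf("fixed: bounds=%u\n", bounds_flag_after(build_fixed));
    return 0;
}
```

The same poisoning trick works as a regression test for the real code path, since it does not depend on what the stack happens to contain in a given build.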