coin-or / Cbc.old

This is a mirror of the subversion repository on COIN-OR
https://projects.coin-or.org/Cbc

[Trac #181] NULL pointer dereference in #30

Open s-c-e opened 5 years ago

s-c-e commented 5 years ago


Attachment: https://github.com/s-c-e/cbc-trac-migration-attachments/blob/master/trac-ticket-181.zip

Hello.

I found a NULL pointer dereference in cbc.

Please confirm.

Thanks.

Summary: NULL pointer dereference

OS: CentOS 7 64bit

Version: Trunk (unstable)

Steps to reproduce:

1. Download the .POC files.

2. Compile the source code with ASan.

3. Execute the following command: ./cbc $POC

ASAN:DEADLYSIGNAL
=================================================================
==23114==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x000001697a01 bp 0x7ffe6bd33f10 sp 0x7ffe6bd33d40 T0)
==23114==The signal is caused by a READ memory access.
==23114==Hint: address points to the zero page.
    #0 0x1697a00 in CoinMpsCardReader::cleanCard() /home/karas/Cbc/CoinUtils/src/CoinMpsIO.cpp:280:19
    #1 0x16995b0 in CoinMpsCardReader::nextField() /home/karas/Cbc/CoinUtils/src/CoinMpsIO.cpp:516:10
    #2 0x16aab30 in CoinMpsIO::readMps(int&, CoinSet**&) /home/karas/Cbc/CoinUtils/src/CoinMpsIO.cpp:1633:18
    #3 0x16aa43f in CoinMpsIO::readMps(char const*, char const*, int&, CoinSet**&) /home/karas/Cbc/CoinUtils/src/CoinMpsIO.cpp:1573:10
    #4 0xc2a8db in OsiClpSolverInterface::readMps(char const*, bool, bool) /home/karas/Cbc/Clp/src/OsiClp/OsiClpSolverInterface.cpp:5765:24
    #5 0x561814 in CbcMain1(int, char const**, CbcModel&, int (*)(CbcModel*, int), CbcSolverUsefulData&) /home/karas/Cbc/Cbc/src/CbcSolver.cpp:7955:53
    #6 0x5254b6 in main /home/karas/Cbc/Cbc/src/CoinSolve.cpp:350:22
    #7 0x7fd8c61b21c0 in __libc_start_main /build/glibc-CxtIbX/glibc-2.26/csu/../csu/libc-start.c:308
    #8 0x42e049 in _start (/home/karas/Cbc/run/bin/cbc+0x42e049)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/karas/Cbc/CoinUtils/src/CoinMpsIO.cpp:280:19 in CoinMpsCardReader::cleanCard()
==23114==ABORTING

==========

[Acknowledgement]

This work was supported by ICT R&D program of MSIP/IITP. [R7518-16-1001, Innovation hub for high Performance Computing]