coin-or / Cbc

COIN-OR Branch-and-Cut solver

free() invalid pointer with unbounded NL files #389

Open jsiirola opened 3 years ago

jsiirola commented 3 years ago

When passing an unbounded problem to CBC 2.10.x, CBC dies freeing an invalid pointer:

*** Error in `[...]/bin/cbc': free(): invalid pointer: 0x0000000001084e80 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x81329)[0x7fd50a719329]
[...]/bin/cbc[0x6d1d93]
[...]/bin/cbc[0x6a33f4]
[...]/bin/cbc[0x62e342]
[...]/bin/cbc[0x4ff342]
[...]/bin/cbc[0x41c997]
[...]/bin/cbc[0x407ab9]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7fd50a6ba555]
[...]/bin/cbc[0x40cc4f]

I have tested it (in CentOS7) with the binaries from bintray, along with the binary distributed by AMPL. This error shows up in all 2.10.x versions, but not in 2.9.x (although in 2.9.x, CBC fails to report the MILP as being 'unbounded').

Attached is a zipfile containing trivial NL files that reproduce the problem (for both LP and MILP models), along with the corresponding Pyomo files used to generate them: Unbounded_models.zip
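For scripts that drive CBC as a child process, as the Pyomo models here do, a crash like this should surface as its own failure class rather than as missing solver output. The following is an added example, not part of the original issue and not CBC or Pyomo code: it classifies a finished solver process from its exit status and stderr. The names `classify` and `run_solver` are assumptions, the solver command line is whatever the caller passes in, and the demo uses a Python child that calls `os.abort()` as a stand-in for the crashing binary.

```python
import os
import re
import signal
import subprocess
import sys

# Constructed sample: the first line of the abort report quoted in this issue.
SAMPLE_STDERR = "*** Error in `[...]/bin/cbc': free(): invalid pointer: 0x0000000001084e80 ***\n"

# glibc heap-consistency aborts, with or without the trailing pointer value.
GLIBC_ABORT = re.compile(
    r"(?P<check>free\(\): invalid pointer|munmap_chunk\(\): invalid pointer"
    r"|double free or corruption[^:\n*]*|malloc\(\): [^:\n*]+)"
    r"(?::\s*(?P<ptr>0x[0-9a-fA-F]+))?"
)

def classify(returncode, stderr_text):
    """Turn a finished solver process into a verdict dict."""
    verdict = {"status": "ok", "signal": None, "heap_check": None, "pointer": None}
    if returncode < 0:
        # POSIX: a negative return code means the child died from that signal.
        verdict["status"] = "crashed"
        verdict["signal"] = signal.Signals(-returncode).name
    elif returncode != 0:
        verdict["status"] = "error"
    match = GLIBC_ABORT.search(stderr_text)
    if match:
        # The allocator reported heap misuse; never treat the run as a result.
        verdict["status"] = "crashed"
        verdict["heap_check"] = match.group("check").strip()
        verdict["pointer"] = match.group("ptr")
    return verdict

def run_solver(argv, timeout=60):
    """Run the solver command (argv is supplied by the caller) and classify it."""
    # Older glibc writes the abort report to the controlling terminal
    # unless LIBC_FATAL_STDERR_ is set, so set it to capture the report.
    env = dict(os.environ, LIBC_FATAL_STDERR_="1")
    proc = subprocess.run(argv, capture_output=True, text=True,
                          timeout=timeout, env=env)
    return classify(proc.returncode, proc.stderr)

if __name__ == "__main__":
    print(classify(-signal.SIGABRT, SAMPLE_STDERR))
    # Stand-in child that aborts the same way the crashing binary does.
    print(run_solver([sys.executable, "-c", "import os; os.abort()"]))
```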

jjhforrest commented 3 years ago

John,

Again fixed in master - change is trivial

diff --git a/Clp/src/ClpModel.cpp b/Clp/src/ClpModel.cpp index 4568dba4..f11fff43 100644 --- a/Clp/src/ClpModel.cpp +++ b/Clp/src/ClpModel.cpp @@ -3752,7 +3752,8 @@ int ClpModel::emptyProblem(int infeasNumber, double infeasSum, bool printMessa delete[] ray; ray = new double[numberColumns]; CoinZeroN(ray, numberColumns_);
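Review bot: the hunk stops after the context line `CoinZeroN(ray, numberColumns_);`, so the single added line implied by the header (`-3752,7 +3752,8`) is not visible and the fix cannot be checked from this message; please attach the raw diff or link the commit. In the context that is shown, the allocation reads `new double[numberColumns]` while the zeroing uses `numberColumns_`; if those really are two identifiers, the length zeroed may not match the length allocated, and if the trailing underscores were lost in mail formatting that is one more reason to attach the patch unmodified. A regression test built from the LP and MILP files in Unbounded_models.zip would keep this from recurring.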

On 22/04/2021 17:49, John Siirola wrote:

When passing an unbounded problem to CBC 2.10.x, CBC dies freeing an invalid pointer:


I have tested it (in CentOS7) with the binaries from bintray, along with the binary distributed by AMPL. This error shows up in all 2.10.x versions, but not in 2.9.x (although in 2.9.x, CBC fails to report the MILP as being 'unbounded').

Attached is a zipfile containing trivial NL files that reproduce the problem (for both LP and MILP models), along with the corresponding Pyomo files used to generate them: Unbounded_models.zip https://github.com/coin-or/Cbc/files/6359956/Unbounded_models.zip
