coin-or / CoinUtils

COIN-OR Utilities

NULL pointer dereference in CoinMpsIO::rowName #97

Open svigerske opened 5 years ago

svigerske commented 5 years ago

Issue created by migration from Trac.

Original creator: gy741.kim

Original creation time: 2018-01-02 07:22:48

Assignee: @tkralphs

Hello.

I found a NULL pointer dereference in cbc.

Please confirm.

Thanks.

Summary: NULL pointer dereference

OS: CentOS 7 64bit

Version: Trunk (unstable)

PoC Download: https://github.com/gy741/PoC/raw/master/Null_CoinMpsIO_rowName

Steps to reproduce:

1. Download the .POC files.
2. Compile the source code with ASan.
3. Execute the following command: ./cbc $POC

ASAN:SIGSEGV
=================================================================
==20322==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f3612a0441d bp 0x7ffc1b7494f0 sp 0x7ffc1b748e90 T0)
    #0 0x7f3612a0441c in CoinMpsIO::rowName(int) const /home/karas/Cbc/CoinUtils/src/CoinMpsIO.cpp:5168:12
    #1 0x7f3614a2dff7 in OsiClpSolverInterface::readMps(char const*, bool, bool) /home/karas/Cbc/Clp/src/OsiClp/OsiClpSolverInterface.cpp:5828:22
    #2 0x7f3615a51a86 in CbcMain1(int, char const**, CbcModel&, int (*)(CbcModel*, int), CbcSolverUsefulData&) /home/karas/Cbc/Cbc/src/CbcSolver.cpp:7955:42
    #3 0x4dcfd2 in main /home/karas/Cbc/Cbc/src/CoinSolve.cpp:350:22
    #4 0x7f360f8bf82f in __libc_start_main /build/glibc-bfm8X4/glibc-2.23/csu/../csu/libc-start.c:291
    #5 0x435a18 in _start (/home/karas/Cbc/qq/bin/cbc+0x435a18)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home//karas/Cbc/CoinUtils/src/CoinMpsIO.cpp:5168 CoinMpsIO::rowName(int) const
==20322==ABORTING

==========

[Acknowledgement]

This work was supported by ICT R&D program of MSIP/IITP. [R7518-16-1001, Innovation hub for high Performance Computing]

svigerske commented 5 years ago

Attachment Null_CoinMpsIO_rowName by gy741.kim created at 2018-01-02 07:23:00

PoC

svigerske commented 5 years ago

With current Cbc/master and assertions enabled, I get

Welcome to the CBC MILP Solver 
Version: Trunk (unstable) 
Build Date: Mar 12 2019 
Revision Number: 2526 

command line - ./bin/cbc Null_CoinMpsIO_rowName (default strategy 1)
At line 1 SOS
cbc: ../../../CoinUtils/src/CoinMpsIO.cpp:2686: int CoinMpsIO::readMps(int&, CoinSet**&): Assertion `i == j' failed.