coin-or / qpOASES

Open-source C++ implementation of the recently proposed online active set strategy
GNU Lesser General Public License v2.1

Bug report: The Flipper's private variables nV and nC are not copied in the copy function #103

Open clw-ponyai opened 4 years ago

clw-ponyai commented 4 years ago

When assigning a QProblem to replace another existing one, the Flipper will also be copied: https://github.com/coin-or/qpOASES/blob/326a6517da899cac9766b17ebdcf328858ec6e90/src/QProblemB.cpp#L1167

But the Flipper's private variables nV and nC are not copied in the copy function; the old values are kept: https://github.com/coin-or/qpOASES/blob/326a6517da899cac9766b17ebdcf328858ec6e90/src/Flipper.cpp#L241

This may lead to a buffer overflow. If old_nV > new_nV, the memcpy will overrun the buffer: https://github.com/coin-or/qpOASES/blob/326a6517da899cac9766b17ebdcf328858ec6e90/src/Flipper.cpp#L180

My quick fix for this:

diff -urN a/src/Flipper.cpp b/src/Flipper.cpp
--- a/src/Flipper.cpp   2017-04-03 12:20:42.000000000 +0800
+++ b/src/Flipper.cpp   2020-06-28 12:01:42.438327284 +0800
@@ -238,6 +238,8 @@
 returnValue Flipper::copy( const Flipper& rhs
                            )
 {
+   nV = rhs.nV;
+   nC = rhs.nC;
    return set( &(rhs.bounds),rhs.R, &(rhs.constraints),rhs.Q,rhs.T );
 }
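Review bot: assigning nV and nC before the call to set() only covers the shrinking case (old_nV > new_nV) described in the report; if this Flipper's own arrays were allocated for the old dimensions and set() does not reallocate them, a copy from a larger rhs will now size the memcpy by the larger counters and run past the destination buffers instead of the source. Either reallocate (or re-initialise) the storage when the dimensions differ before calling set(), or make the precondition explicit with a guard such as `if ( nV != rhs.nV || nC != rhs.nC ) return <error returnValue>;` ahead of the memcpy, and add a one-line comment in copy() saying why the counters are assigned here.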
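To make the two failure modes concrete, here is an added stand-alone example (not qpOASES code; `MiniFlipper`, its `set()` and the fixed dimensions are assumptions modelled on the report). It keeps an nV*nV matrix and an nC*nV matrix in fixed buffers, then runs three copy strategies over constructed inputs: the reported one (counters not copied), the quick fix from the issue (counters copied, storage untouched), and a copy that also resizes storage. Instead of performing an out-of-bounds memcpy, `set()` checks both source and destination sizes and returns false where the real code would overrun.

```cpp
#include <cstddef>
#include <cstring>
#include <vector>

// Hypothetical stand-in for Flipper: owns an nV*nV matrix R and an nC*nV
// matrix T whose storage is sized once, when the object is constructed.
class MiniFlipper {
public:
    MiniFlipper(int nV, int nC)
        : nV_(nV), nC_(nC),
          R_(static_cast<size_t>(nV) * nV, 0.0),
          T_(static_cast<size_t>(nC) * nV, 0.0) {}

    int nV() const { return nV_; }
    int nC() const { return nC_; }
    const std::vector<double>& R() const { return R_; }

    void fill(double r, double t) {
        for (double& x : R_) x = r;
        for (double& x : T_) x = t;
    }

    // Pattern from the report: dimensions are not copied, so the memcpy in
    // set() is sized by *this* object's nV_/nC_, not by the source's.
    bool copyAsReported(const MiniFlipper& rhs) { return set(rhs); }

    // The issue's quick fix: copy the counters, then call set() unchanged.
    bool copyQuickFix(const MiniFlipper& rhs) {
        nV_ = rhs.nV_;
        nC_ = rhs.nC_;
        return set(rhs);
    }

    // Hardened copy: adopt rhs's dimensions and resize own storage to match
    // before any bytes move.
    bool copyResizing(const MiniFlipper& rhs) {
        nV_ = rhs.nV_;
        nC_ = rhs.nC_;
        R_.resize(static_cast<size_t>(nV_) * nV_);
        T_.resize(static_cast<size_t>(nC_) * nV_);
        return set(rhs);
    }

private:
    // Copies nV_*nV_ and nC_*nV_ doubles, as the reported memcpy does, but
    // returns false instead of overrunning either buffer.
    bool set(const MiniFlipper& rhs) {
        size_t needR = static_cast<size_t>(nV_) * nV_;
        size_t needT = static_cast<size_t>(nC_) * nV_;
        if (needR > rhs.R_.size() || needT > rhs.T_.size()) return false;  // would read past source
        if (needR > R_.size() || needT > T_.size()) return false;          // would write past destination
        std::memcpy(R_.data(), rhs.R_.data(), needR * sizeof(double));
        std::memcpy(T_.data(), rhs.T_.data(), needT * sizeof(double));
        return true;
    }

    int nV_, nC_;
    std::vector<double> R_, T_;
};

struct Outcome {
    bool reportedShrinkRejected;  // (5,4) <- (3,2): stale counters read past the source
    bool quickFixShrinkOk;        // same case with the counters copied first
    bool quickFixGrowRejected;    // (3,2) <- (5,4): new counters write past own storage
    bool resizingGrowOk;          // same case with storage resized as well
    int resizedNV;
    double resizedLast;           // last element of the copied 5x5 R
};

// Constructed scenario: a large object receives a small one and vice versa.
Outcome demonstrate() {
    Outcome o;
    MiniFlipper srcSmall(3, 2); srcSmall.fill(1.5, 2.5);
    MiniFlipper srcBig(5, 4);   srcBig.fill(7.0, 8.0);

    MiniFlipper dst1(5, 4);
    o.reportedShrinkRejected = !dst1.copyAsReported(srcSmall);
    MiniFlipper dst2(5, 4);
    o.quickFixShrinkOk = dst2.copyQuickFix(srcSmall);
    MiniFlipper dst3(3, 2);
    o.quickFixGrowRejected = !dst3.copyQuickFix(srcBig);
    MiniFlipper dst4(3, 2);
    o.resizingGrowOk = dst4.copyResizing(srcBig);
    o.resizedNV = dst4.nV();
    o.resizedLast = dst4.R()[24];
    return o;
}
```

Note that after the rejected quick-fix copy `dst3` is left with counters (5,4) over buffers sized for (3,2), so any later operation that trusts the counters would overrun; a copy routine should either reallocate or fail before touching the counters.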