I observed an integer overflow in PairIterator::operator[] and ConstPairIterator::operator[].
The following minimal example allows to reproduce this issue. I spotted it when filling a sparse tensor, but it could also occur in other situations.
int64_t N = 400; // works for (e.g.) N=100, crashes for N=400
int64_t dddd[] = {N, N, N, N}; // for tensor of order 4
int syms[] = {NS, NS, NS, NS}; // no symmetry
CTF::Tensor<double> T(4, true, dddd, syms, dw);
double sparsity = 0.1;
T.fill_sp_random(0, 1, sparsity); // crashes due to integer overflow
For this particular example the integer overflow is located here:
In the line 1039 of the source file src/redistribution/sparse_rw.cxx the variable nwrite is of type int64_t and can cause an integer overflow when it is passed to the PairIterator::operator[] in swap_data[nwrite]:
int64_t new_num_pair, nwrite, swp;
// [...]
int64_t ky = swap_data[nwrite].k();
The issue is fixed by replacing operator[](int n) with operator[](int64_t n).
Hello!
Thanks for this great project.
I observed an integer overflow in
PairIterator::operator[]
andConstPairIterator::operator[]
.The following minimal example allows to reproduce this issue. I spotted it when filling a sparse tensor, but it could also occur in other situations.
For this particular example the integer overflow is located here: In the line 1039 of the source file
src/redistribution/sparse_rw.cxx
the variablenwrite
is of typeint64_t
and can cause an integer overflow when it is passed to thePairIterator::operator[]
inswap_data[nwrite]
:The issue is fixed by replacing
operator[](int n)
withoperator[](int64_t n)
.