tbeu
commented
4 years ago https://github.com/tbeu/matio/blob/7a1831b94a73f2cd665bd48f65c8516509d0740e/src/matvar_cell.c#L49
https://github.com/tbeu/matio/blob/7a1831b94a73f2cd665bd48f65c8516509d0740e/src/matvar_cell.c#L175
https://github.com/tbeu/matio/blob/7a1831b94a73f2cd665bd48f65c8516509d0740e/src/mat73.c#L1060
For all three occurrences, in case MulDims overflows, the resulting number of elements is set to zero. In the subsequent instructions it basically is checked that the number of elements is positive. Thus, this is a non-issue.
Hi,
Function MulDims() gets number of elements from a variable and returns 1 on error. From the code usage patterns, Over 80% usages of funtion MulDims() do the error handling checks. Therefore, I guess checking error code of function MulDims() is essential. However, as shown in the following code, several usages forget to check the error code.
https://github.com/tbeu/matio/blob/7a1831b94a73f2cd665bd48f65c8516509d0740e/src/matvar_cell.c#L49 https://github.com/tbeu/matio/blob/7a1831b94a73f2cd665bd48f65c8516509d0740e/src/matvar_cell.c#L175 https://github.com/tbeu/matio/blob/7a1831b94a73f2cd665bd48f65c8516509d0740e/src/mat73.c#L1060
=================================================================================
Furthermore, the return value of function MulDims() from other call sites are checked. See the following code, for example,
https://github.com/tbeu/matio/blob/7a1831b94a73f2cd665bd48f65c8516509d0740e/src/mat5.c#L4681-L4685 https://github.com/tbeu/matio/blob/7a1831b94a73f2cd665bd48f65c8516509d0740e/src/mat73.c#L2350-L2355