[GRASS-dev] [GRASS GIS] #3564: Inconsistent results from qsort callback in g.mkfontcap
GRASS GIS
trac at osgeo.org
Mon May 21 13:06:17 PDT 2018
#3564: Inconsistent results from qsort callback in g.mkfontcap
---------------------+-------------------------
Reporter: yugr | Owner: grass-dev@…
Type: defect | Status: new
Priority: normal | Milestone:
Component: Default | Version: 7.4.0
Keywords: | CPU: All
Platform: All |
---------------------+-------------------------
Hi,
qsort callback compare_fonts in g.mkfontcap may return an invalid result when
arguments are swapped. Such bugs may cause inconsistent order or even
crashes in some qsort implementations
(https://bugzilla.samba.org/show_bug.cgi?id=3959).
The issue has been detected when running the standard testsuite under
SortChecker (https://github.com/yugr/sortcheck):
g.mkfontcap[15109]: qsort: comparison function is not symmetric
(comparison function 0x4023c0 (/build/grass-7.0.3/dist.x86_64-pc-linux-
gnu/bin/g.mkfontcap+0x4023c0), called from 0x4017a8
(/build/grass-7.0.3/dist.x86_64-pc-linux-gnu/bin/g.mkfontcap+0x4017a8),
cmdline is "/build/grass-7.0.3/dist.x86_64-pc-linux-gnu/bin/g.mkfontcap
-s")
Problem is in lines

    if (aa->type != bb->type)
        return (aa->type > bb->type);

which should be replaced with something like

    if (aa->type != bb->type)
        return (aa->type > bb->type) ? 1 : -1;

As a side note, many qsort callbacks in Grass are vulnerable to integer
overflows e.g. cmp_edge in ./lib/vector/neta/spanningtree.c:

    return ((edge_cost_pair *) pa)->cost - ((edge_cost_pair *) pb)->cost;

or longcmp in ./raster/r.kappa/prt_mat.c:

    return (*a - *b);

and many many others.
--
Ticket URL: <https://trac.osgeo.org/grass/ticket/3564>
GRASS GIS <https://grass.osgeo.org>
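
Added example, not part of the original ticket and not GRASS code: the two comparator patterns described above next to their corrected forms, with the antisymmetry property that qsort relies on checked explicitly. The struct font stand-in, the function names and the sample values are assumptions made for illustration, and the type comparators are reduced to the type field only.

```c
#include <limits.h>
#include <stdio.h>

typedef int (*cmp_fn)(const void *, const void *);
struct font { int type; };  /* hypothetical stand-in; only `type` matters */

/* Pattern reported in the ticket: yields 0 or 1, never a negative value. */
static int cmp_type_reported(const void *a, const void *b) {
    const struct font *aa = a, *bb = b;
    if (aa->type != bb->type)
        return (aa->type > bb->type);
    return 0;
}

/* Replacement suggested in the ticket. */
static int cmp_type_suggested(const void *a, const void *b) {
    const struct font *aa = a, *bb = b;
    if (aa->type != bb->type)
        return (aa->type > bb->type) ? 1 : -1;
    return 0;
}

/* Subtraction pattern. Plain int `x - y` is undefined on overflow, so the
 * wraparound is reproduced with unsigned math (GCC/Clang wrap the cast). */
static int cmp_int_subtract(const void *a, const void *b) {
    return (int)((unsigned)*(const int *)a - (unsigned)*(const int *)b);
}

/* Overflow-free three-way comparison. */
static int cmp_int_safe(const void *a, const void *b) {
    int x = *(const int *)a, y = *(const int *)b;
    return (x > y) - (x < y);
}

static int sign(int v) { return (v > 0) - (v < 0); }
/* qsort needs sign(cmp(a,b)) == -sign(cmp(b,a)) for every pair. */
static int is_antisymmetric(cmp_fn cmp, const void *a, const void *b) {
    return sign(cmp(a, b)) == -sign(cmp(b, a));
}

int main(void) {
    struct font f1 = { 1 }, f2 = { 2 };   /* constructed sample values */
    int big = INT_MAX, neg = -2;
    printf("reported:  %d\n", is_antisymmetric(cmp_type_reported, &f1, &f2));
    printf("suggested: %d\n", is_antisymmetric(cmp_type_suggested, &f1, &f2));
    printf("subtract:  %d\n", cmp_int_subtract(&big, &neg));
    printf("safe:      %d\n", cmp_int_safe(&big, &neg));
    return 0;
}
```

The subtraction comparator reports INT_MAX as smaller than -2, which is the wrong ordering the side note warns about.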