Fix out--of-bounds read in xlarrv functions

Memory access bound check is missing in slarrv, dlarrv, clarrv and zlarrv functions. Updated these functions to ensure array M is within range 0 <= M <= N Change-Id: I9a3b7af2399bc435abb2dab7dcdf41d5df12bf4c
amd · May 11, 2022 · 8f281f1 · 8f281f1
1 parent 51d901f
commit 8f281f1
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 13 deletions.
diff --git a/src/map/lapack2flamec/f2c/c/clarrv.c b/src/map/lapack2flamec/f2c/c/clarrv.c
@@ -255,6 +255,7 @@
  /* > he might be trading in precision when he decreases MINRGP. */
  /* > =-3: Problem in SLARRB when refining a single eigenvalue */
  /* > after the Rayleigh correction was rejected. */
+ /* > =-4: M value exceeds N */
  /* > = 5: The Rayleigh Quotient Iteration failed to converge to */
  /* > full accuracy in MAXITR steps. */
  /* > \endverbatim */
@@ -395,9 +396,13 @@
  /* Function Body */
  *info = 0;
  /* Quick return if possible */
- if (*n <= 0) {
- AOCL_DTL_TRACE_EXIT(AOCL_DTL_LEVEL_TRACE_5);
- return 0;
+ if ((*n <= 0) || (*m <= 0) || (*m > *n))
+ {
+    if (*m > *n) 
+	*info = -4;
+
+    AOCL_DTL_TRACE_EXIT(AOCL_DTL_LEVEL_TRACE_5);
+    return 0;
  }
  /* The first N entries of WORK are reserved for the eigenvalues */
  indld = *n + 1;
@@ -1111,4 +1116,4 @@
  /* End of CLARRV */
  }
  /* clarrv_ */
-
+
diff --git a/src/map/lapack2flamec/f2c/c/dlarrv.c b/src/map/lapack2flamec/f2c/c/dlarrv.c
@@ -258,6 +258,7 @@
  /* > he might be trading in precision when he decreases MINRGP. */
  /* > =-3: Problem in DLARRB when refining a single eigenvalue */
  /* > after the Rayleigh correction was rejected. */
+ /* > =-4: M value exceeds N */
  /* > = 5: The Rayleigh Quotient Iteration failed to converge to */
  /* > full accuracy in MAXITR steps. */
  /* > \endverbatim */
@@ -388,8 +389,12 @@
  /* Function Body */
  *info = 0;
  /* Quick return if possible */
- if (*n <= 0) {
- return 0;
+ if ((*n <= 0) || (*m <= 0) || (*m > *n))
+ {
+    if (*m > *n)
+      *info = -4;
+
+    return 0;
  }
  /* The first N entries of WORK are reserved for the eigenvalues */
  indld = *n + 1;
@@ -1059,4 +1064,4 @@
  /* End of DLARRV */
  }
  /* dlarrv_ */
-
+
diff --git a/src/map/lapack2flamec/f2c/c/slarrv.c b/src/map/lapack2flamec/f2c/c/slarrv.c
@@ -258,6 +258,7 @@
  /* > he might be trading in precision when he decreases MINRGP. */
  /* > =-3: Problem in SLARRB when refining a single eigenvalue */
  /* > after the Rayleigh correction was rejected. */
+ /* > =-4: M value exceeds N */
  /* > = 5: The Rayleigh Quotient Iteration failed to converge to */
  /* > full accuracy in MAXITR steps. */
  /* > \endverbatim */
@@ -383,8 +384,12 @@
  /* Function Body */
  *info = 0;
  /* Quick return if possible */
- if (*n <= 0) {
- return 0;
+ if ((*n <= 0) || (*m <= 0) || (*m > *n))
+ {
+    if (*m > *n)
+       *info = -4;
+
+    return 0;
  }
  /* The first N entries of WORK are reserved for the eigenvalues */
  indld = *n + 1;
@@ -1054,4 +1059,4 @@
  /* End of SLARRV */
  }
  /* slarrv_ */
-
+
diff --git a/src/map/lapack2flamec/f2c/c/zlarrv.c b/src/map/lapack2flamec/f2c/c/zlarrv.c
@@ -255,6 +255,7 @@
  /* > he might be trading in precision when he decreases MINRGP. */
  /* > =-3: Problem in DLARRB when refining a single eigenvalue */
  /* > after the Rayleigh correction was rejected. */
+ /* > =-4: M value exceeds N */
  /* > = 5: The Rayleigh Quotient Iteration failed to converge to */
  /* > full accuracy in MAXITR steps. */
  /* > \endverbatim */
@@ -386,8 +387,12 @@
  /* Function Body */
  *info = 0;
  /* Quick return if possible */
- if (*n <= 0) {
- return 0;
+ if ((*n <= 0) || (*m <= 0) || (*m > *n))
+ {
+    if (*m > *n)
+       *info = -4;
+
+    return 0;
  }
  /* The first N entries of WORK are reserved for the eigenvalues */
  indld = *n + 1;
@@ -1095,4 +1100,4 @@
  /* End of ZLARRV */
  }
  /* zlarrv_ */
-
+