From 8f281f182d2b24e53edc85b16a232c7db0363314 Mon Sep 17 00:00:00 2001 From: prangana Date: Wed, 11 May 2022 04:06:17 -0400 Subject: [PATCH] Fix out--of-bounds read in xlarrv functions Memory access bound check is missing in slarrv, dlarrv, clarrv and zlarrv functions. Updated these functions to ensure array M is within range 0 <= M <= N Change-Id: I9a3b7af2399bc435abb2dab7dcdf41d5df12bf4c --- src/map/lapack2flamec/f2c/c/clarrv.c | 13 +++++++++---- src/map/lapack2flamec/f2c/c/dlarrv.c | 11 ++++++++--- src/map/lapack2flamec/f2c/c/slarrv.c | 11 ++++++++--- src/map/lapack2flamec/f2c/c/zlarrv.c | 11 ++++++++--- 4 files changed, 33 insertions(+), 13 deletions(-) diff --git a/src/map/lapack2flamec/f2c/c/clarrv.c b/src/map/lapack2flamec/f2c/c/clarrv.c index 0a7f97bb2..9f8f424f9 100644 --- a/src/map/lapack2flamec/f2c/c/clarrv.c +++ b/src/map/lapack2flamec/f2c/c/clarrv.c @@ -255,6 +255,7 @@ /* > he might be trading in precision when he decreases MINRGP. */ /* > =-3: Problem in SLARRB when refining a single eigenvalue */ /* > after the Rayleigh correction was rejected. */ + /* > =-4: M value exceeds N */ /* > = 5: The Rayleigh Quotient Iteration failed to converge to */ /* > full accuracy in MAXITR steps. */ /* > \endverbatim */ @@ -395,9 +396,13 @@ /* Function Body */ *info = 0; /* Quick return if possible */ - if (*n <= 0) { - AOCL_DTL_TRACE_EXIT(AOCL_DTL_LEVEL_TRACE_5); - return 0; + if ((*n <= 0) || (*m <= 0) || (*m > *n)) + { + if (*m > *n) + *info = -4; + + AOCL_DTL_TRACE_EXIT(AOCL_DTL_LEVEL_TRACE_5); + return 0; } /* The first N entries of WORK are reserved for the eigenvalues */ indld = *n + 1; @@ -1111,4 +1116,4 @@ /* End of CLARRV */ } /* clarrv_ */ - \ No newline at end of file + diff --git a/src/map/lapack2flamec/f2c/c/dlarrv.c b/src/map/lapack2flamec/f2c/c/dlarrv.c index 600189de4..219855a8a 100644 --- a/src/map/lapack2flamec/f2c/c/dlarrv.c +++ b/src/map/lapack2flamec/f2c/c/dlarrv.c @@ -258,6 +258,7 @@ /* > he might be trading in precision when he decreases MINRGP. */ /* > =-3: Problem in DLARRB when refining a single eigenvalue */ /* > after the Rayleigh correction was rejected. */ + /* > =-4: M value exceeds N */ /* > = 5: The Rayleigh Quotient Iteration failed to converge to */ /* > full accuracy in MAXITR steps. */ /* > \endverbatim */ @@ -388,8 +389,12 @@ /* Function Body */ *info = 0; /* Quick return if possible */ - if (*n <= 0) { - return 0; + if ((*n <= 0) || (*m <= 0) || (*m > *n)) + { + if (*m > *n) + *info = -4; + + return 0; } /* The first N entries of WORK are reserved for the eigenvalues */ indld = *n + 1; @@ -1059,4 +1064,4 @@ /* End of DLARRV */ } /* dlarrv_ */ - \ No newline at end of file + diff --git a/src/map/lapack2flamec/f2c/c/slarrv.c b/src/map/lapack2flamec/f2c/c/slarrv.c index f10e6ce6c..d0d9481f6 100644 --- a/src/map/lapack2flamec/f2c/c/slarrv.c +++ b/src/map/lapack2flamec/f2c/c/slarrv.c @@ -258,6 +258,7 @@ /* > he might be trading in precision when he decreases MINRGP. */ /* > =-3: Problem in SLARRB when refining a single eigenvalue */ /* > after the Rayleigh correction was rejected. */ + /* > =-4: M value exceeds N */ /* > = 5: The Rayleigh Quotient Iteration failed to converge to */ /* > full accuracy in MAXITR steps. */ /* > \endverbatim */ @@ -383,8 +384,12 @@ /* Function Body */ *info = 0; /* Quick return if possible */ - if (*n <= 0) { - return 0; + if ((*n <= 0) || (*m <= 0) || (*m > *n)) + { + if (*m > *n) + *info = -4; + + return 0; } /* The first N entries of WORK are reserved for the eigenvalues */ indld = *n + 1; @@ -1054,4 +1059,4 @@ /* End of SLARRV */ } /* slarrv_ */ - \ No newline at end of file + diff --git a/src/map/lapack2flamec/f2c/c/zlarrv.c b/src/map/lapack2flamec/f2c/c/zlarrv.c index f9fa1a03f..872b51856 100644 --- a/src/map/lapack2flamec/f2c/c/zlarrv.c +++ b/src/map/lapack2flamec/f2c/c/zlarrv.c @@ -255,6 +255,7 @@ /* > he might be trading in precision when he decreases MINRGP. */ /* > =-3: Problem in DLARRB when refining a single eigenvalue */ /* > after the Rayleigh correction was rejected. */ + /* > =-4: M value exceeds N */ /* > = 5: The Rayleigh Quotient Iteration failed to converge to */ /* > full accuracy in MAXITR steps. */ /* > \endverbatim */ @@ -386,8 +387,12 @@ /* Function Body */ *info = 0; /* Quick return if possible */ - if (*n <= 0) { - return 0; + if ((*n <= 0) || (*m <= 0) || (*m > *n)) + { + if (*m > *n) + *info = -4; + + return 0; } /* The first N entries of WORK are reserved for the eigenvalues */ indld = *n + 1; @@ -1095,4 +1100,4 @@ /* End of ZLARRV */ } /* zlarrv_ */ - \ No newline at end of file +