Buffer overflow in test_scotch_graph_map data/m4x4_b100000.grf
Some (unfortunately) unknown dependency change in Fedora Rawhide is triggering a buffer overflow crash in test_scotch_graph_map data/m4x4_b100000.grf. It still seems to be present in 7.0.3.
gdb ./test_scotch_graph_map
(gdb) run data/m4x4_b100000.grf
Starting program: /builddir/build/BUILD/scotch-v7.0.3/src/check/test_scotch_graph_map data/m4x4_b100000.grf
Strat 0, arch 0, type 0
*** buffer overflow detected ***: terminated
Program received signal SIGABRT, Aborted.
0x00007ffff7cf4144 in __pthread_kill_implementation () from /lib64/libc.so.6
(gdb) bt
#0 0x00007ffff7cf4144 in __pthread_kill_implementation () from /lib64/libc.so.6
#1 0x00007ffff7ca2b5e in raise () from /lib64/libc.so.6
#2 0x00007ffff7c8b87f in abort () from /lib64/libc.so.6
#3 0x00007ffff7c8c60f in __libc_message.cold () from /lib64/libc.so.6
#4 0x00007ffff7d88929 in __fortify_fail () from /lib64/libc.so.6
#5 0x00007ffff7d87164 in __chk_fail () from /lib64/libc.so.6
#6 0x00007ffff7f601bd in memset (__len=<optimized out>, __ch=<optimized out>, __dest=<optimized out>, __dest=<optimized out>, __ch=<optimized out>, __len=<optimized out>) at /usr/include/bits/string_fortified.h:59
#7 _SCOTCHbgraphBipartGg (grafptr=<optimized out>, paraptr=0x5555555598e8) at /builddir/build/BUILD/scotch-v7.0.3/src/libscotch/bgraph_bipart_gg.c:310
#8 0x00007ffff7f679bc in _SCOTCHbgraphBipartSt (grafptr=0x7fffffffd680, strat=<optimized out>) at /builddir/build/BUILD/scotch-v7.0.3/src/libscotch/bgraph_bipart_st.c:284
#9 0x00007ffff7f67e1c in bgraphBipartMl2 (grafptr=grafptr@entry=0x7fffffffd680, paraptr=0x555555559878) at /builddir/build/BUILD/scotch-v7.0.3/src/libscotch/bgraph_bipart_ml.c:210
#10 0x00007ffff7f681c4 in _SCOTCHbgraphBipartMl (grafptr=0x7fffffffd680, paraptr=<optimized out>) at /builddir/build/BUILD/scotch-v7.0.3/src/libscotch/bgraph_bipart_ml.c:359
#11 0x00007ffff7f67a1e in _SCOTCHbgraphBipartSt (grafptr=0x7fffffffd680, strat=<optimized out>) at /builddir/build/BUILD/scotch-v7.0.3/src/libscotch/bgraph_bipart_st.c:318
#12 0x00007ffff7f7bde8 in kgraphMapRbPart2 (contptr=0x7fffffffd960, spltnum=spltnum@entry=0, spltptr=spltptr@entry=0x7fffffffd7b0) at /builddir/build/BUILD/scotch-v7.0.3/src/libscotch/kgraph_map_rb_part.c:273
#13 0x00007ffff7f7c18c in _SCOTCHkgraphMapRbPart (dataptr=<optimized out>, grafptr=<optimized out>, vflonbr=<optimized out>, vflotab=<optimized out>, contptr=<optimized out>)
at /builddir/build/BUILD/scotch-v7.0.3/src/libscotch/kgraph_map_rb_part.c:390
#14 0x00007ffff7f797f6 in _SCOTCHkgraphMapRb (grafptr=0x7fffffffd980, paraptr=<optimized out>) at /builddir/build/BUILD/scotch-v7.0.3/src/libscotch/kgraph_map_rb.c:157
#15 0x00007ffff7f858b9 in graphMapCompute2 (actgrafptr=actgrafptr@entry=0x7fffffffdc50, mappptr=mappptr@entry=0x7fffffffdc30, mapoptr=mapoptr@entry=0x0, emraval=emraval@entry=1, vmlotab=vmlotab@entry=0x0, vfixnbr=vfixnbr@entry=0,
straptr=straptr@entry=0x7fffffffdc00) at /builddir/build/BUILD/scotch-v7.0.3/src/libscotch/library_graph_map.c:287
#16 0x00007ffff7f85aeb in SCOTCH_graphMapCompute (grafptr=grafptr@entry=0x7fffffffdc50, mappptr=mappptr@entry=0x7fffffffdc30, straptr=straptr@entry=0x7fffffffdc00)
at /builddir/build/BUILD/scotch-v7.0.3/src/libscotch/library_graph_map.c:311
#17 0x0000555555555a91 in main (argc=<optimized out>, argv=<optimized out>) at /builddir/build/BUILD/scotch-v7.0.3/src/check/test_scotch_graph_map.c:201
(gdb) up
#7 _SCOTCHbgraphBipartGg (grafptr=<optimized out>, paraptr=0x5555555598e8) at /builddir/build/BUILD/scotch-v7.0.3/src/libscotch/bgraph_bipart_gg.c:310
310 memSet (flagtax + grafptr->s.baseval, ~0, grafptr->s.vertnbr * sizeof (byte));
(gdb) print flagtax
$1 = (unsigned char * restrict) 0x555555543700 <error: Cannot access memory at address 0x555555543700>
(gdb) up
#8 0x00007ffff7f679bc in _SCOTCHbgraphBipartSt (grafptr=0x7fffffffd680, strat=<optimized out>) at /builddir/build/BUILD/scotch-v7.0.3/src/libscotch/bgraph_bipart_st.c:284
284 o = bgraphBipartSt (grafptr, strat->data.concat.strat[0]); /* Apply the first strategy */
(gdb) print *grafptr
$2 = {s = {flagval = 240, baseval = 100000, vertnbr = 16, vertnnd = 100016, verttax = 0x5555554f8a10, vendtax = 0x5555554f8a14, velotax = 0x0, velosum = 16, vnumtax = 0x0, vlbltax = 0x0, edgenbr = 48, edgetax = 0x5555554f8a60,
edlotax = 0x0, edlosum = 48, degrmax = 4}, veextax = 0x0, parttax = 0x555555543200 <error: Cannot access memory at address 0x555555543200>, frontab = 0x555555559750, fronnbr = 0, compload0min = 6, compload0max = 6,
compload0avg = 6, compload0dlt = 0, compload0 = 16, compsize0 = 16, commload = 5, commloadextn0 = 0, commgainextn0 = 0, commgainextn = 0, bbalval = 1.6666666666666667, domndist = 1, domnwght = {2, 3}, vfixload = {0, 0}, levlnum = 0,
contptr = 0x7fffffffd960}
(gdb) print grafptr->s.baseval
$3 = 100000
(gdb) print grafptr->s.vertnbr
$4 = 16