changeset 11811:c51deec2faf1 release-3-0-x

fix invalid memory read in glpk
author Jaroslav Hajek <highegg@gmail.com>
date Tue, 19 Aug 2008 13:59:30 -0400
parents 10697d2d7f4f
children 1695e4627d2b
files scripts/ChangeLog scripts/optimization/glpk.m src/ChangeLog src/DLD-FUNCTIONS/__glpk__.cc
diffstat 4 files changed, 10 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/scripts/ChangeLog
+++ b/scripts/ChangeLog
@@ -1,3 +1,7 @@
+2008-08-19  Jaroslav Hajek <highegg@gmail.com>
+
+	* optimization/glpk.m: Fix invalid call to zeros.
+
 2008-08-19  David Bateman  <dbateman@free.fr>
 
 	statistics/base/ranks.m: Doc fix.
--- a/scripts/optimization/glpk.m
+++ b/scripts/optimization/glpk.m
@@ -470,7 +470,7 @@
 
   if (nargin > 3)
     if (isempty (lb))
-      lb = zeros (0, nx, 1);
+      lb = zeros (nx, 1);
     elseif (! isreal (lb) || all (size (lb) > 1) || length (lb) != nx)
       error ("LB must be a real valued %d by 1 column vector", nx);
       return;
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,8 @@
 2008-08-19  Jaroslav Hajek <highegg@gmail.com>
 
+	* DLD-FUNCTIONS/__glpk__.cc (F__glpk__): Checks whether LB and UB are
+	of proper size.
+
 	* oct-obj.cc, oct-obj.h (octave_value_list::make_argv): 
 	Allow calling without fcn_name.
 	* load-save.cc (parse_save_options (const string_vector&, ...)): 
--- a/src/DLD-FUNCTIONS/__glpk__.cc
+++ b/src/DLD-FUNCTIONS/__glpk__.cc
@@ -575,7 +575,7 @@
   //--            bound on each of the variables.
   Matrix LB (args(3).matrix_value ());
 
-  if (error_state)
+  if (error_state || LB.length () < mrowsc)
     {
       error ("__glpk__: invalid value of lb");
       return retval;
@@ -600,7 +600,7 @@
   //--            bound on each of the variables.
   Matrix UB (args(4).matrix_value ());
 
-  if (error_state)
+  if (error_state || UB.length () < mrowsc)
     {
       error ("__glpk__: invalid value of ub");
       return retval;