OOPS, I was tricked by the success of my "solution" but the bug
is actually worse.
Wolfgang Wieser wrote:
> [cross-post: povray.bugreports]
>
> Rendering this test code, I can reliably crash POVRay.
>
> -----------------------------------------------------------
> <snipped>
> -----------------------------------------------------------
>
Still correct.
> The bug may not show up on your box because of its nature:
>
Correct.
> The reason for the bug is uninitialized static data (yeah...).
>
No. Initializing static data is never a bad idea but the actual
reason for the bug is something else:
In fpmetric.cpp, around line 430, the following code can be found:
-----------------------------------
else
{
  /* 1 copy */
  if ((SectorNum[i] *= 2) >= Max_intNumber)
    SectorNum[i] = Max_intNumber;
  SectorNum[i + 1] = SectorNum[i];
  SectorNum[i]++;
  i++; // <--- BUG!!
  Intervals_Low[INDEX_U][i] = low_vect[U];
-------------------------------------
The bug is where I marked it: i is increased but there is no check
if it stays in range 0..31 as required by the array sizes of
Intervals_Low[][] and SectorNum[].
So, the code should be changed into something like:
-----------------------------------
else
{
/* 1 copy */
+ if(i>=31)
+ { Do something (break, continue, ...) }
if ((SectorNum[i] *= 2) >= Max_intNumber)
SectorNum[i] = Max_intNumber;
SectorNum[i + 1] = SectorNum[i];
SectorNum[i]++;
i++;
Intervals_Low[INDEX_U][i] = low_vect[U];
-------------------------------------
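Review bot: the added `if(i>=31)` guard has only a placeholder body ("Do something (break, continue, ...)"), so the behaviour when the stack is full is still undecided and the change cannot compile as written; pick one action and state what the caller sees when subdivision is cut short. The threshold matches the visible writes, since `SectorNum[i + 1]` and the post-increment `Intervals_Low[INDEX_U][i]` both need i + 1 <= 31, but the literal 31 should be derived from the array dimension rather than hard-coded. The guard covers only this "1 copy" branch, so it is worth checking whether other places that advance i need the same test.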
I am pretty sure this is the actual reason for the bug because
test output showed the following values for i:
....
i=33
i=32
i=33
i=32
i=32
<crash>
Wolfgang
BTW, I still consider the check for SectorNum<0 in the Z component
calculation as unneeded.
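The overrun described in this post can be reproduced without undefined behaviour, as an added example that is not part of the original post or the POV-Ray source. The names `Stack`, `run`, `SLACK`, `CANARY` and `MAX_SECTOR` are constructed for illustration: the arrays get four padding slots marked with a canary, so the unguarded "1 copy" step lands in the padding where it can be counted, while the guarded run refuses the step instead.

```c
#include <limits.h>
#include <stdio.h>
#define DEPTH      32        /* valid indices 0..31, as stated in the post */
#define SLACK      4         /* constructed padding that absorbs the stray writes */
#define CANARY     INT_MIN   /* marks padding slots that must stay untouched */
#define MAX_SECTOR 10000000  /* assumed stand-in for Max_intNumber */
typedef struct {
    int    sector[DEPTH + SLACK];  /* plays the role of SectorNum[] */
    double low_u[DEPTH + SLACK];   /* plays the role of Intervals_Low[INDEX_U][] */
    int    i;
} Stack;
/* The "1 copy" step as quoted in the post: no range check on i. */
static void copy_unchecked(Stack *s, double low) {
    int i = s->i;
    if ((s->sector[i] *= 2) >= MAX_SECTOR)
        s->sector[i] = MAX_SECTOR;
    s->sector[i + 1] = s->sector[i];
    s->sector[i]++;
    i++;
    s->low_u[i] = low;
    s->i = i;
}

/* Run `steps` copy steps; with `guard` set, refuse once i + 1 would leave
   0..DEPTH-1. Reports the final i and refusals; returns padding slots hit. */
int run(int steps, int guard, int *final_i, int *refused) {
    Stack s = { .i = 0 };
    int hits = 0;
    for (int k = 0; k < DEPTH + SLACK; k++)
        s.sector[k] = (k < DEPTH) ? 1 : CANARY;
    *refused = 0;
    for (int n = 0; n < steps && s.i + 1 < DEPTH + SLACK; n++) {
        if (guard && s.i >= DEPTH - 1) { (*refused)++; continue; }
        copy_unchecked(&s, 0.5);
    }
    for (int k = DEPTH; k < DEPTH + SLACK; k++)
        hits += (s.sector[k] != CANARY);
    *final_i = s.i;
    return hits;
}

int main(void) {
    int i, refused;
    int hits = run(33, 0, &i, &refused);
    printf("unchecked: i=%d padding hits=%d\n", i, hits);
    hits = run(33, 1, &i, &refused);
    printf("guarded:   i=%d padding hits=%d refused=%d\n", i, hits, refused);
    return 0;
}
```

In the real arrays there is no padding, so the two slots counted here would be whatever memory follows `SectorNum[]` and `Intervals_Low[][]`.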