From: Wolfgang Wieser
Subject: Re: [patch] POVRay crash with parametric object
Date: 23 Jun 2003 03:59:32
Message: <3ef6b364@news.povray.org>
OOPS, I was tricked by the success of my "solution" but the bug 
is actually worse. 

Wolfgang Wieser wrote:
> [cross-post: povray.bugreports]
> 
> Rendering this test code, I can reliably crash POVRay.
> 
> -----------------------------------------------------------
> <snipped>
> -----------------------------------------------------------
> 
Still correct.

> The bug may not show up on your box because of its nature:
> 
Correct. 

> The reason for the bug is uninitialized static data (yeah...).
> 
No. Initializing static data is never a bad idea but the actual 
reason for the bug is something else: 

In fpmetric.cpp, around line 430, the following code can be found:

-----------------------------------
                else
                {
                        /* 1 copy */
                        if ((SectorNum[i] *= 2) >= Max_intNumber)
                                SectorNum[i] = Max_intNumber;
                        SectorNum[i + 1] = SectorNum[i];
                        SectorNum[i]++;
                        i++;     // <--- BUG!!
                        Intervals_Low[INDEX_U][i] = low_vect[U];
-------------------------------------

The bug is where I marked it: i is increased but there is no check 
if it stays in range 0..31 as required by the array sizes of 
Intervals_Low[][] and SectorNum[]. 

So, the code should be changed into something like: 

-----------------------------------
                else
                {
                        /* 1 copy */
+                       if(i>=31)
+                       {  Do something (break, continue, ...)  }
                        if ((SectorNum[i] *= 2) >= Max_intNumber)
                                SectorNum[i] = Max_intNumber;
                        SectorNum[i + 1] = SectorNum[i];
                        SectorNum[i]++;
                        i++;
                        Intervals_Low[INDEX_U][i] = low_vect[U];
-------------------------------------
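
Review bot: The new guard `if(i>=31)` at the top of the `else` branch has only a placeholder body (`Do something (break, continue, ...)`), so the patch does not compile and does not decide what happens to the current interval when no free slot is left. Pick the behaviour explicitly and confirm that leaving the branch early does not skip bookkeeping the enclosing loop depends on. The threshold itself fits the lines below it, since `SectorNum[i + 1]` and the `Intervals_Low[INDEX_U][i]` store after `i++` both touch index i+1, which has to stay inside the 0..31 range given in this message. Deriving the limit from the array size instead of the literal 31 would keep the check correct if the arrays are ever resized. The i=32 and i=33 values reported in this message are already past that limit, and the visible lines do not show whether other branches also increment i; if they do, they need the same check.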

I am pretty sure this is the actual reason for the bug because 
test output showed the following values for i: 
....
i=33
i=32
i=33
i=32
i=32
<crash>

Wolfgang

BTW, I still consider the check for SectorNum<0 in the Z component 
calculation as unneeded.

