Commit
Fix buffer overflow from scoring bin rounding
Before this change, there was a small risk of buffer overflow in the tutor7pp fluence scoring arrays. The value r2 was checked to be less than 400, and then the scoring bin number (from 0 to 199) was calculated using the expression (int)(sqrt(r2)*10.). The problem with this check is that certain double precision values less than 400 can nevertheless have a square root equal to exactly 20.0 due to floating-point rounding. For example, taking the square root of the double 399.99999999999994 results in 20.0 under certain conditions, not a value slightly less than 20.0 as would be expected. The default g++ rounding mode is round-to-nearest, so even with the square root's true value being under 20.0, the resulting double can be rounded upwards to 20.0 if the true value is closer to 20.0 than the previous representable float. Then, scoring in bin 200 results in buffer overflow in the scoring array. This change ensures the resulting scoring array bin integer is in bounds (< 200), eliminating the potential for buffer overflow.
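The rounding case from the commit message, reproduced as an added example (not code from the commit or from tutor7pp). The function names, the lower-bound test on r2 and the -1 "do not score" return value are assumptions made for illustration; only the 400 limit, the 200 bins and the expression (int)(sqrt(r2)*10.) come from the message. It assumes IEEE-754 doubles with round-to-nearest and computes indices only, without writing to any array.

```cpp
// Added example: names below are hypothetical, not taken from tutor7pp.
#include <cmath>
#include <cstdio>

constexpr int NBINS = 200;        // scoring bins 0..199, as in the commit message
constexpr double R2_MAX = 400.0;  // r2 limit checked before binning

// Bin index as the message describes the old code: only r2 is range-checked.
// Returns -1 when r2 fails that check.
int bin_checking_r2_only(double r2) {
    if (!(r2 >= 0.0 && r2 < R2_MAX)) return -1;
    return (int)(std::sqrt(r2) * 10.);
}

// Hardened form: validate the computed index itself before it is used.
int bin_checking_index(double r2) {
    if (!(r2 >= 0.0 && r2 < R2_MAX)) return -1;
    int bin = (int)(std::sqrt(r2) * 10.);
    return bin < NBINS ? bin : -1;
}

// Walk down from 400 one representable double at a time and count the
// inputs that pass the r2 check yet produce an out-of-range index.
int count_out_of_range_inputs() {
    int n = 0;
    for (double r2 = std::nextafter(R2_MAX, 0.0);
         bin_checking_r2_only(r2) >= NBINS;
         r2 = std::nextafter(r2, 0.0)) ++n;
    return n;
}

int main() {
    double r2 = std::nextafter(R2_MAX, 0.0);  // 399.99999999999994
    std::printf("r2 = %.17g, sqrt = %.17g\n", r2, std::sqrt(r2));
    std::printf("r2-only check -> bin %d\n", bin_checking_r2_only(r2));
    std::printf("index check   -> bin %d\n", bin_checking_index(r2));
    std::printf("affected doubles below 400: %d\n", count_out_of_range_inputs());
    return 0;
}
```

Checking the derived index rather than the input it was computed from keeps the bound correct regardless of how the intermediate square root rounds.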