Fix buffer overflow from scoring bin rounding #864
Merged
Before this change, there was a small risk of buffer overflow in the
tutor7pp fluence scoring arrays. The value r2 was checked to be less
than 400, and then the scoring bin number (from 0 to 199) is calculated
using the expression `(int)(sqrt(r2)*10.)`. The problem with this check
is that certain double precision values less than 400 can nevertheless
have a square root equal to exactly 20.0 due to floating-point rounding.
For example, taking the square root of the double 399.99999999999994
results in 20.0 under certain conditions, not a value slightly less than
20.0 as would be expected. The default g++ rounding mode is
round-to-nearest, so even with the square root's true value being under
20.0, the resulting double can be rounded upwards to 20.0 if the true
value is closer to 20.0 than the previous representable float. Then,
scoring in bin 200 results in buffer overflow in the scoring array.
This change ensures the resulting scoring array bin integer is in bounds
(< 200), eliminating the potential for buffer overflow.
Fixes #863.
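
The rounding case described above can be reproduced with the value quoted in the description. This is an added example, not code from the pull request or from EGSnrc: the function names, the `-1` return convention and the index-based guard are assumptions, and the guard is one way to keep the bin below 200, not necessarily the merged fix.

```cpp
// Added illustration; names below are hypothetical, not EGSnrc identifiers.
#include <cmath>
#include <cstdio>

constexpr int    N_BINS  = 200;                  // valid bins: 0..199
constexpr double R2_MAX  = 400.0;                // guard value from the description
constexpr double EDGE_R2 = 399.99999999999994;   // example value from the description

// Pre-fix logic as described: guard on r2, then compute the bin.
// Returns -1 when r2 fails the guard.
int bin_guard_on_r2(double r2) {
    if (!(r2 < R2_MAX)) return -1;
    return (int)(std::sqrt(r2) * 10.);           // can yield 200 for r2 < 400
}

// Assumed hardening: validate the scaled value itself before the cast,
// so rounding in sqrt() cannot produce an index past the array.
// Also rejects NaN, negatives and values too large for int.
int bin_guard_on_index(double r2) {
    if (!(r2 >= 0.0)) return -1;
    const double scaled = std::sqrt(r2) * 10.;
    if (!(scaled < N_BINS)) return -1;
    return (int)scaled;
}

int main() {
    double fluence[N_BINS] = {0.0};
    const double samples[] = {100.0, 399.9, EDGE_R2, 400.0};
    for (double r2 : samples) {
        const int unsafe = bin_guard_on_r2(r2);
        const int safe   = bin_guard_on_index(r2);
        std::printf("r2=%.17g  r2<400:%d  guard-on-r2 bin=%d  guard-on-index bin=%d\n",
                    r2, r2 < R2_MAX, unsafe, safe);
        if (safe >= 0) fluence[safe] += 1.0;     // only in-bounds writes
    }
    return 0;
}
```
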