Bug#805534: Potential stack overflow in Correlation.cpp

Mirko Scholz scholz at chemie.uni-siegen.de
Thu Nov 19 09:35:01 UTC 2015


Package: qtiplot
Version: 0.9.8.9-10

On systems that limit the stack space per user, the current implementation of
correlation causes a stack overflow for large tables, say 1e6 rows.  Otherwise
this amount of rows is handled well by Qtiplot.

The attached patch solves the problem, albeit you may want to implement
it differently.

Upstream (www.qtiplot.com) does not accept patches anymore.

-------------- next part --------------
--- qtiplot-0.9.8.9/qtiplot/src/analysis/Correlation.cpp     	2015-11-04 11:36:44.139928471 +0100
+++ qtiplot-0.9.8.9/qtiplot/src/analysis/Correlation.cpp	2015-11-04 11:44:03.501165132 +0100
@@ -150,21 +150,22 @@
 
     if (d_n > d_table->numRows())
         d_table->setNumRows(d_n);
 
 	int cols = d_table->numCols();
 	int cols2 = cols+1;
 	d_table->addCol();
 	d_table->addCol();
 	int n = d_n/2;
 
-    double x_temp[d_n], y_temp[d_n];
+	double *x_temp = new double[d_n];
+	double *y_temp = new double[d_n];
 	for (int i = 0; i<d_n; i++){
 	    double x = i - n;
         x_temp[i] = x;
 
         double y;
         if(i < n)
 			y = d_x[n + i];
 		else
 			y = d_x[i - n];
         y_temp[i] = y;
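
Review bot: The two `new double[d_n]` allocations at the top of this hunk are raw owning pointers, so if the second `new` throws std::bad_alloc the first buffer leaks, and nothing in the visible lines checks that d_n is positive before it is used as an array size. Declaring `std::vector<double> x_temp(d_n), y_temp(d_n);` and passing `x_temp.data()` to later calls moves the buffers off the stack just the same and needs no manual cleanup. It also retires the variable-length array, which was a compiler extension rather than standard C++.
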
@@ -185,11 +186,13 @@
 	if (d_graphics_display){
 		if (!d_output_graph)
 			createOutputGraph();
 
     	DataCurve *c = new DataCurve(d_table, d_table->colName(cols), d_table->colName(cols2));
 		c->setData(x_temp, y_temp, d_n);
 		c->setPen(QPen(d_curveColor, 1));
 		d_output_graph->insertPlotItem(c, Graph::Line);
 		d_output_graph->updatePlot();
 	}
+	delete[] x_temp;
+	delete[] y_temp;
 }
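
Review bot: The `delete[]` pair is reached only on the fall-through path at the end of the function, so an exception from `createOutputGraph()` or `new DataCurve(...)` above it, or any early return added later between the allocation and this point, leaks both buffers. Freeing right after `c->setData(x_temp, y_temp, d_n)` is also correct only if setData copies the data; the old stack arrays had the same lifetime, so behaviour is unchanged, but a one-line comment stating that would help the next reader. Holding the buffers in std::vector<double> (or QVector<double>) would make these two lines unnecessary.
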