[vtk-developers] Memory Bug in vtkDataArray

Daniel Aguilera daniel.aguilera at cea.fr
Mon Jan 29 08:26:35 EST 2007 

Hi all,

 

I found (and fix) a very dangerous memory bug in vtkDataArray :

 

In the two non template methods InterpolateTuple the two calls to
vtkTemplateMacro :

 

In vtkDataArray : 301


      vtkTemplateMacro(


        void* vfrom = fromData->GetVoidPointer(0);


        void* vto = this->WriteVoidPointer(idx, numComp);

        .

 

In vtkDataArray : 367


    vtkTemplateMacro(


      void* vfrom1 = fromData1->GetVoidPointer(id1*numComp);


      void* vfrom2 = fromData2->GetVoidPointer(id2*numComp);


      void* vto = this->WriteVoidPointer(loc, numComp);

       .

 

are erroneous (cause segmentation fault) when 'fromData' and 'this' are the
same. vfrom* pointers are retrieved BEFORE the call to WriteVoidPointer,
which may THEN reallocate the array, making vfrom* pointers no longer valid.

 

To avoid any memory fault, it MUST be written this way (vfrom retrieved
AFTER call to WriteVoidPointer) :

In vtkDataArray : 301


      vtkTemplateMacro(


        void* vto = this->WriteVoidPointer(idx, numComp);

        void* vfrom = fromData->GetVoidPointer(0);


        .

 

In vtkDataArray : 367


    vtkTemplateMacro(



      void* vto = this->WriteVoidPointer(loc, numComp);

       void* vfrom1 = fromData1->GetVoidPointer(id1*numComp);


      void* vfrom2 = fromData2->GetVoidPointer(id2*numComp);

      .

 

#########################################################

 

This kind of call happens when the method RequestData (in file
vtkClipDataSet at line 378) calls :


    cell->Clip(this->Value, cellScalars, this->Locator, conn[0],


               inPD, outPD, inCD, cellId, outCD[0], this->InsideOut);

 

Then in vtkCell3D.cxx line 310 :


        // VERY IMPORTANT: Notice that the outPD is used twice. This is
because the


        // tetra has been defined in terms of point ids that are defined in
the


        // output (because of the templates).


        this->ClipTetra->Clip(value, this->ClipScalars, locator, tets,
outPD,


                              outPD, inCD, cellId, outCD, insideOut);

 

And finally in vtkTetra.cxx line 909:

        outPD->InterpolateEdge(inPD,pts[i-1],p1,p2,t);

 

Where outPD == inPD, making vtkDataArray InterpolateTuple crash later.

 

Best Regards

Daniel Aguilera

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://public.kitware.com/pipermail/vtk-developers/attachments/20070129/68e07171/attachment.html>

More information about the vtk-developers mailing list