#37862: libsvm 3.15 and 3.16 potential crash on svm_free_model_content()
--------------------------------+-------------------
  Reporter:  andre.dos.anjos@…  |      Owner:  hum@…
      Type:  defect             |     Status:  new
  Priority:  High               |  Milestone:
 Component:  ports              |    Version:  2.1.2
Resolution:                     |   Keywords:
      Port:  libsvm             |
--------------------------------+-------------------

Comment (by andre.dos.anjos@…):

So, here you have the conversation. Can you consider the patch now?

{{{
Delivered-To: andre.dos.anjos@...
Received: by 10.59.7.130 with SMTP id dc2csp70684ved;
        Thu, 31 Jan 2013 04:48:46 -0800 (PST)
...
From: Chih-Jen Lin <cjlin@...>
...
Date: Thu, 31 Jan 2013 20:48:37 +0800
To: =?iso-8859-1?Q?Andr=E9?= Anjos <andre.dos.anjos@...>
Subject: libsvm-3.15 & 3.16 initialization bug
X-ASG-Orig-Subj: libsvm-3.15 & 3.16 initialization bug

Yes, you are right. We will fix this in the next release.

Best,
Chih-Jen

André Anjos writes:
Hello,
Please note that the newly introduced free() call at svm_free_model_content() (lines 2976+1):
free(model_ptr->sv_indices); model_ptr->sv_indices = NULL;
Potentially triggers a crash because "sv_indices" is never properly initialized when using svm_load_model(). It is only done if svm_train() is called.
This means that any "svm_load_model()" usage, depending on compile options and other code layout details, may load a model with an uninitialized value of "sv_indices" (!= 0) and the code indicated above would crash in this case.
I suggest the following patch @ svm_load_model() (around line 2749):
model->sv_indices = NULL;
This should do the trick.
Best, }}}
--
Ticket URL: <https://trac.macports.org/ticket/37862#comment:4>
MacPorts <http://www.macports.org/>
Ports system for Mac OS
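
The failure mode described in the quoted e-mail, as an added example that is not part of the ticket or of libsvm's source: `toy_model` and every function name below are hypothetical stand-ins for the libsvm struct and routines. The allocation is filled with 0xA5 (an assumption) so that the uninitialized field holds reproducible garbage instead of depending on heap state.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Simplified stand-in for the model struct (hypothetical, not libsvm source). */
typedef struct {
    double *rho;
    int *sv_indices;   /* the field the new free() call operates on */
} toy_model;

/* malloc() promises nothing about contents; poison it so "garbage" is repeatable. */
static void *poisoned_malloc(size_t n) {
    void *p = malloc(n);
    if (p) memset(p, 0xA5, n);
    return p;
}

/* Loader as described in the report: sv_indices is never assigned. */
toy_model *load_model_unpatched(void) {
    toy_model *m = poisoned_malloc(sizeof *m);
    if (m) m->rho = NULL;
    return m;
}

/* Loader with the one-line initialization suggested in the e-mail. */
toy_model *load_model_patched(void) {
    toy_model *m = poisoned_malloc(sizeof *m);
    if (m) { m->rho = NULL; m->sv_indices = NULL; }
    return m;
}

/* free(NULL) is a no-op; free() of a garbage pointer is undefined behaviour. */
int safe_to_free_content(const toy_model *m) {
    return m->sv_indices == NULL;
}

/* Mirrors the two statements quoted from svm_free_model_content(). */
void free_model_content(toy_model *m) {
    free(m->sv_indices);
    m->sv_indices = NULL;
}

int main(void) {
    toy_model *bad = load_model_unpatched(), *good = load_model_patched();
    if (!bad || !good) return 1;
    printf("unpatched safe: %d, patched safe: %d\n",
           safe_to_free_content(bad), safe_to_free_content(good));
    free_model_content(good);   /* only the patched model may take this path */
    free(bad); free(good);
    return 0;
}
```

Running the real code under Valgrind or with MemorySanitizer reports the same class of defect as a use of an uninitialized value at the `free()` call.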