Adam Majer
c620f66df0
stack out of bounds read in gsl_stats_quantile_from_sorted_data() (bsc#1214681, CVE-2020-353570) OBS-URL: https://build.opensuse.org/package/show/science/gsl?expand=0&rev=43
From 989a193268b963aa1047814f7f1402084fb7d859 Mon Sep 17 00:00:00 2001
|
|
From: Patrick Alken <alken@colorado.edu>
|
|
Date: Sat, 16 Apr 2022 11:56:10 -0600
|
|
Subject: fix for bug #59624
|
|
|
|
---
|
|
NEWS | 2 ++
|
|
statistics/quantiles.c | 1 +
|
|
statistics/quantiles_source.c | 35 +++++++++++++++++++++--------------
|
|
3 files changed, 24 insertions(+), 14 deletions(-)
|
|
|
|
diff --git a/statistics/quantiles.c b/statistics/quantiles.c
|
|
index 96a3a25..50898d9 100644
|
|
--- a/statistics/quantiles.c
|
|
+++ b/statistics/quantiles.c
|
|
@@ -1,5 +1,6 @@
|
|
#include <config.h>
|
|
#include <gsl/gsl_statistics.h>
|
|
+#include <gsl/gsl_errno.h>
|
|
|
|
#define BASE_LONG_DOUBLE
|
|
#include "templates_on.h"
|
|
diff --git a/statistics/quantiles_source.c b/statistics/quantiles_source.c
|
|
index e2956d9..b2feba4 100644
|
|
--- a/statistics/quantiles_source.c
|
|
+++ b/statistics/quantiles_source.c
|
|
@@ -24,22 +24,29 @@ FUNCTION(gsl_stats,quantile_from_sorted_data) (const BASE sorted_data[],
|
|
const size_t n,
|
|
const double f)
|
|
{
|
|
- const double index = f * (n - 1) ;
|
|
- const size_t lhs = (int)index ;
|
|
- const double delta = index - lhs ;
|
|
- double result;
|
|
-
|
|
- if (n == 0)
|
|
- return 0.0 ;
|
|
-
|
|
- if (lhs == n - 1)
|
|
+ if ((f < 0.0) || (f > 1.0))
|
|
{
|
|
- result = sorted_data[lhs * stride] ;
|
|
+ GSL_ERROR_VAL ("invalid quantile fraction", GSL_EDOM, 0.0);
|
|
}
|
|
- else
|
|
+ else
|
|
{
|
|
- result = (1 - delta) * sorted_data[lhs * stride] + delta * sorted_data[(lhs + 1) * stride] ;
|
|
- }
|
|
+ const double index = f * (n - 1) ;
|
|
+ const size_t lhs = (int)index ;
|
|
+ const double delta = index - lhs ;
|
|
+ double result;
|
|
|
|
- return result ;
|
|
+ if (n == 0)
|
|
+ return 0.0 ;
|
|
+
|
|
+ if (lhs == n - 1)
|
|
+ {
|
|
+ result = sorted_data[lhs * stride] ;
|
|
+ }
|
|
+ else
|
|
+ {
|
|
+ result = (1 - delta) * sorted_data[lhs * stride] + delta * sorted_data[(lhs + 1) * stride] ;
|
|
+ }
|
|
+
|
|
+ return result ;
|
|
+ }
|
|
}
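Review bot: The new domain check at the top of the hunk, `if ((f < 0.0) || (f > 1.0))`, does not reject a NaN fraction: both comparisons are false for NaN, so control reaches the else branch, `index` becomes NaN and the `(int)index` conversion is undefined behaviour (on common targets it typically yields INT_MIN), which `lhs * stride` then turns back into exactly the out-of-bounds read this commit sets out to close. Writing the guard as `if (!(f >= 0.0 && f <= 1.0))` rejects NaN together with out-of-range values without changing the accepted domain. Separately, `const double index = f * (n - 1) ;` and the `(int)index` cast are still evaluated before the `if (n == 0)` return, so for n == 0 the product is formed from a wrapped `SIZE_MAX` (n is `size_t`) and the double-to-int conversion overflows, also UB; moving the `n == 0` check ahead of the `index` declaration and casting to `size_t` instead of `int` (so arrays longer than INT_MAX elements are indexed correctly) would close that. The function signature and the `stride` parameter it uses lie above the hunk.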
|
|
--
|
|
|