Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Undefined behaviour when providing a flux histogram with more than 5000 bins #27

Open
davehadley opened this issue Oct 24, 2023 · 1 comment
Open

Undefined behaviour when providing a flux histogram with more than 5000 bins #27

davehadley opened this issue Oct 24, 2023 · 1 comment

Comments

@davehadley
Copy link
Contributor

davehadley commented Oct 24, 2023
edited
Loading

When providing a finely binned flux histogram with more than 5000 bins nuwro writes beyond the end of an array which is undefined behaviour in C++ and on my system causes a crash with the confusing error message:

malloc(): invalid size (unsorted)

and the stack trace is:

Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
44	./nptl/pthread_kill.c: No such file or directory.
(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
#1  0x00007f54fce21d9f in __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
#2  0x00007f54fcdd2f32 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007f54fcdbd472 in __GI_abort () at ./stdlib/abort.c:79
#4  0x00007f54fce16340 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7f54fcf30459 "%s\n") at ../sysdeps/posix/libc_fatal.c:155
#5  0x00007f54fce2b6ba in malloc_printerr (str=str@entry=0x7f54fcf33568 "malloc(): invalid size (unsorted)") at ./malloc/malloc.c:5660
#6  0x00007f54fce2e7ac in _int_malloc (av=av@entry=0x7f54fcf69c60 <main_arena>, bytes=47200) at ./malloc/malloc.c:3998
#7  0x00007f54fce2f90a in __GI___libc_malloc (bytes=<optimized out>) at ./malloc/malloc.c:3315
#8  0x00007f54fd12058c in operator new(unsigned long) () from /lib/x86_64-linux-gnu/libstdc++.so.6
#9  0x00005576ed2e84a7 in EnergyProfile::read (this=this@entry=0x5576ef3cb2d8, s=" 25.0 29500.0 16865220799.131208 21944159327.242607 27023097855.354004 32102036383.465408 37180974911.576813 42259913439.688210 47338851967.799614 52417790495.911011 57496729024.022415 62575667552.133"...)
    at src/EnergyProfile.h:129
#10 0x00005576ed2e9017 in EnergyProfile::EnergyProfile (s=" 25.0 29500.0 16865220799.131208 21944159327.242607 27023097855.354004 32102036383.465408 37180974911.576813 42259913439.688210 47338851967.799614 52417790495.911011 57496729024.022415 62575667552.133"..., this=0x5576ef3cb2d8)
    at src/EnergyProfile.h:55
#11 beam_uniform::beam_uniform (p=..., this=0x5576ef3cb2d0) at src/beam_uniform.h:24
#12 beam_mixed::beam_mixed (this=0x5576eec68a90, p=...) at src/beam_mixed.h:44
#13 0x00005576ed2e4ec0 in create_beam (p=..., detector=<optimized out>) at src/beam.cc:24
#14 0x00005576ed2d3eb8 in NuWro::init (this=this@entry=0x5576ed78ab80 <nuwro>, argc=argc@entry=3, argv=argv@entry=0x7fff9d452488) at src/nuwro.cc:167
#15 0x00005576ed2976b6 in NuWro::main (this=0x5576ed78ab80 <nuwro>, argc=3, argv=0x7fff9d452488) at src/nuwro.cc:994
#16 0x00005576ed298ab6 in main (argc=3, argv=0x7fff9d452488) at src/main.cc:34

An example parameter.txt that reproduces this bug is attached to this issue.

The problem is caused in

nuwro/src/EnergyProfile.h

Line 123 in c8d29a6

double *bufor = new double[5000]; 

inline void EnergyProfile::read(string s) {
  if (prob) delete[] prob;
  if (prob2) delete[] prob2;
  prob2 = prob = NULL;
  Emin = Emax = n = 0;

  stringstream in(s);
  in >> Emin >> Emax;
  Emin *= MeV;
  Emax *= MeV;
  if (!in || Emax==Emin) return;
  
  double *bufor = new double[5000];
    
  while (in >> bufor[n])  // error happens here when n >= 5000
    n++;

  if (n == 0) 
  {  n = 1;
     bufor[0] = 1;
  }

  prob = new double[n];
  prob2 = new double[n];
  Elow  = new double[n];
  Ehigh = new double[n];
  
  double prev1 = 0, prev2 = 0;
  for (int i = 0; i < n; i++) {

    Elow[i] = Emin + (i) * (Emax - Emin)/n;
    Ehigh[i] = Emin + (i+1) * (Emax - Emin)/n;
    double E = (Elow[i] + Ehigh[i]) / 2.0;
  
    prob[i] = prev1 += bufor[i];
    prob2[i] = prev2 += bufor[i] * E;
  }
  
  delete[] bufor;
}

buffor has a fixed size of 5000 but there is no check in the while loop if n>=5000 has been reached.

As far as I can tell this 5000 bin restriction does not apply to flux histograms provided via the ROOT histogram method.

It would be better to produce a better error message and throw an exception or exit the application if it is intended not to support > 5000 bin inputs.
@davehadley
Copy link
Contributor Author

Parameters file that reproduces the bug: parameters.txt

karuboniru added a commit to karuboniru/nuwro that referenced this issue Oct 24, 2023
@karuboniru
Use vector in EnergyProfile (fix NuWro#27)
e10f0df
karuboniru added a commit to karuboniru/nuwro that referenced this issue Oct 24, 2023
@karuboniru
Use vector in EnergyProfile (fix NuWro#27)
c15e0a4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@davehadley