Running the following code (also attached as a file) triggers a segmentation error.
*#include <stdio.h>#include <gsl/gsl_sort.h>#include <gsl/gsl_statistics.h>int main(void){ double upperq; double data[5] = {17.2, 18.1, 16.5, 18.3, 12.6}; gsl_sort (data, 1, 5); upperq = gsl_stats_quantile_from_sorted_data (data, 1, 5, 675); return 0;}// gcc statsort_bug.c -lgsl -lgslcblas; ./a.out* The error points to statistics/quantiles_source.c:41: * result = (1 - delta) * sorted_data[lhs * stride] + delta * sorted_data[(lhs + 1) * stride] ;* The segmentation error is due to a stack buffer overflow (where lhs=2700, strid=1 as shown in GDB). The bug could be exploited for security attack, knowing that it occurs when the quantile "f" is beyond the expected [0,1] range (f=675 in this case). BR, Zhoulai
statsort_bug.c
Description: Binary data