On 28 October 2024 at 16:02, Dirk Eddelbuettel wrote:
|
| This is apparently now CVE-2024-50610 [1], I was just pinged (as the Debian
| maintainer) by the Debian security team.
|
| Does the GSL team have a view on the preferred fix? Bracket the allocation
| with an if (non_negative) { ... } block as suggested?
Patch proposal:
--- gsl-2.8+dfsg.orig/siman/siman.c
+++ gsl-2.8+dfsg/siman/siman.c
@@ -197,6 +197,9 @@ gsl_siman_solve_many (const gsl_rng * r,
double u; /* throw the die to choose a new "x" */
int n_iter;
+ /* this function requires that n_tries be positive */
+ assert(params.n_tries > 0);
+
if (print_position) {
printf ("#-iter temperature position");
printf (" delta_pos energy\n");
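Review bot: the assert(params.n_tries > 0) added after the declarations is compiled out whenever the library is built with NDEBUG defined, so a release build would run the rest of gsl_siman_solve_many with a non-positive n_tries exactly as before. Where it is active, it aborts the calling process from inside a library instead of going through GSL's own error reporting. Consider an explicit runtime check at the same spot, for example if (params.n_tries <= 0) followed by GSL_ERROR_VOID ("n_tries must be positive", GSL_EINVAL);, which is always compiled in and reports through the GSL error handler. If the assert is kept, confirm that siman.c includes <assert.h>, since this hunk does not add it.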
The test program then aborts:
# gcc gsl_cve_ex.c -o gsl_cve_ex -lgsl
# ./gsl_cve_ex
gsl_cve_ex: siman.c:201: gsl_siman_solve_many: Assertion `params.n_tries > 0' failed.
Aborted (core dumped)
#
Dirk
--
dirk.eddelbuettel.com | @eddelbuettel | [email protected]