Bug#855789: aliasing bug while setting array sizes

2017-02-26 Thread Conrad Sand 
Hello,

I'm the upstream author of Armadillo.

In Armadillo 7.600.2, there are bugs in the conv() and conv2()
functions. The conv() and conv2() functions are used for signal and
image processing (convolutions). The bugs are exposed when the output of
the conv() or conv2() functions is set to be the same variable as one of
the input arguments (ie. the output variable is aliasing one of the
input variable). For example, the following will trigger the bugs:
  y = conv(y,x)
  y = conv2(y,x);

These are in effect data corruption bugs.

The patch (as listed by Kumar Appaiah in bug 855...@bugs.debian.org)
fixes the aliasing bugs by moving the initialisation of the output array
to be done after pre-processing of the input arrays.

The patch is a pure bug fix, and there is no new functionality
introduced.

With regards,
Conrad


On 21 February 2017 at 05:15, Ivo De Decker wrote:
> Control: tags -1 moreinfo
>
> Hi,
>
> On Mon, Feb 20, 2017 at 08:57:32PM +0530, Kumar Appaiah wrote:
>> Please unblock package armadillo. Upstream has sent the following
>> patch as a bug fix. I have CCed upstream (Conrad) here for any
>> questions that may arise.
>>
>> Please let me know if there is any further clarification or action
>> required from my side.
>
> There is no reference to any bug which describes the issue that is fixed.
> Could you add that (and remove the moreinfo tag from this bug when you do so)?
>
> Cheers,
>
> Ivo
>

Bug#855789: aliasing bug while setting array sizes

2017-02-21 Thread Kumar Appaiah 
Package: armadillo
Version: 1:7.600.2+dfsg-1
Severity: important
Tags: upstream

The upstream author has indicated that array sizes are being set
incorrectly in the convolution functions, causing an aliasing
bug. This impedes an essential functionality in armadillo. The
upstream author has contributed the applied patch.

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IN.UTF-8, LC_CTYPE=en_IN.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- 
Kumar Appaiah
diff -cr armadillo-7.600.2/include/armadillo_bits/glue_conv_meat.hpp armadillo-7.600.2-bugfix/include/armadillo_bits/glue_conv_meat.hpp
*** armadillo-7.600.2/include/armadillo_bits/glue_conv_meat.hpp	2016-06-17 02:16:11.0 +1000
--- armadillo-7.600.2-bugfix/include/armadillo_bits/glue_conv_meat.hpp	2016-06-17 02:16:12.0 +1000
***
*** 28,35 
const uword   x_n_elem= x.n_elem;
const uword out_n_elem= ((h_n_elem + x_n_elem) > 0) ? (h_n_elem + x_n_elem - 1) : uword(0);

-   (A_is_col) ? out.set_size(out_n_elem, 1) : out.set_size(1, out_n_elem);
-   
if( (h_n_elem == 0) || (x_n_elem == 0) )  { out.zeros(); return; }


--- 28,33 
***
*** 52,57 
--- 50,57 
arrayops::copy( &(xx_mem[h_n_elem_m1]), x_mem, x_n_elem );


+   (A_is_col) ? out.set_size(out_n_elem, 1) : out.set_size(1, out_n_elem);
+   
eT* out_mem = out.memptr();
  
for(uword i=0; i < out_n_elem; ++i)
***
*** 132,141 
const uword out_n_rows = ((W.n_rows + G.n_rows) > 0) ? (W.n_rows + G.n_rows - 1) : uword(0);
const uword out_n_cols = ((W.n_cols + G.n_cols) > 0) ? (W.n_cols + G.n_cols - 1) : uword(0);

-   out.set_size( out_n_rows, out_n_cols );
-   
if(G.is_empty() || W.is_empty())  { out.zeros(); return; }

Mat H(G.n_rows, G.n_cols);  // flipped filter coefficients

const uword H_n_rows = H.n_rows;
--- 132,140 
const uword out_n_rows = ((W.n_rows + G.n_rows) > 0) ? (W.n_rows + G.n_rows - 1) : uword(0);
const uword out_n_cols = ((W.n_cols + G.n_cols) > 0) ? (W.n_cols + G.n_cols - 1) : uword(0);

if(G.is_empty() || W.is_empty())  { out.zeros(); return; }

+   
Mat H(G.n_rows, G.n_cols);  // flipped filter coefficients

const uword H_n_rows = H.n_rows;
***
*** 159,164 
--- 158,166 

X( H_n_rows_m1, H_n_cols_m1, arma::size(W) ) = W;  // zero padded version of 2D image

+   
+   out.set_size( out_n_rows, out_n_cols );
+   
for(uword col=0; col < out_n_cols; ++col)
  {
  eT* out_colptr = out.colptr(col);