[Scipy-tickets] [SciPy] #1638: cephes_smirnov nan-to-int conversion bug

SciPy Trac scipy-tickets@scipy....
Fri Mar 30 16:03:47 CDT 2012


#1638: cephes_smirnov nan-to-int conversion bug
---------------------------+------------------------------------------------
 Reporter:  pv             |       Owner:  pv         
     Type:  defect         |      Status:  new        
 Priority:  normal         |   Milestone:  Unscheduled
Component:  scipy.special  |     Version:  0.10.0     
 Keywords:                 |  
---------------------------+------------------------------------------------
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653948
 http://permalink.gmane.org/gmane.comp.python.scientific.devel/16262

 ---------------------------

 The `cephes_smirnov` function in `kolmogorov.c` can go into a very long
 loop, due to the following line of code
 {{{
       double e;
       ...
       nn = (int) (floor ((double) n * (1.0 - e)));
 }}}
 If `e` happens to be `nan`, the value of `nn` is unspecified. It is used
 as a loop upper bound, so it will effectively hang the process.

 The cast miraculously seems to work OK (gives zero?) on x86, but produces
 large numbers on MIPS.

 There are probably also other instances of this bug in the code. All
 float-to-integer casts where the operand may be NAN probably should be
 guarded by `n = (int)x; if (x - n != 0) { mtherr(...); return NPY_NAN; }`
 or something like that (this would also protect against integer overflow).

-- 
Ticket URL: <http://projects.scipy.org/scipy/ticket/1638>
SciPy <http://www.scipy.org>
SciPy is open-source software for mathematics, science, and engineering.


More information about the Scipy-tickets mailing list