[Scipy-tickets] [SciPy] #1638: cephes_smirnov nan-to-int conversion bug
SciPy Trac
scipy-tickets@scipy....
Fri Mar 30 16:03:47 CDT 2012
#1638: cephes_smirnov nan-to-int conversion bug
---------------------------+------------------------------------------------
Reporter: pv | Owner: pv
Type: defect | Status: new
Priority: normal | Milestone: Unscheduled
Component: scipy.special | Version: 0.10.0
Keywords: |
---------------------------+------------------------------------------------
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653948
http://permalink.gmane.org/gmane.comp.python.scientific.devel/16262
---------------------------
The `cephes_smirnov` function in `kolmogorov.c` can go into a very long
loop, due to the following line of code:
{{{
double e;
...
nn = (int) (floor ((double) n * (1.0 - e)));
}}}
If `e` happens to be `nan`, the value of `nn` is unspecified. It is used
as a loop upper bound, so it will effectively hang the process.
The cast miraculously seems to work OK (gives zero?) on x86, but produces
large numbers on MIPS.
There are probably also other instances of this bug in the code. All
float-to-integer casts where the operand may be NAN probably should be
guarded by `n = (int)x; if (x - n != 0) { mtherr(...); return NPY_NAN; }`
or something like that (this would also protect against integer overflow).
--
Ticket URL: <http://projects.scipy.org/scipy/ticket/1638>
SciPy <http://www.scipy.org>
SciPy is open-source software for mathematics, science, and engineering.
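
An added example, not part of the ticket and not SciPy or cephes code: one way to guard a double-to-int cast that feeds a loop bound, so that NaN, infinities and out-of-range values are rejected before the cast. The names `checked_double_to_int` and `bounded_iterations` are hypothetical, and the range limits assume `int` is at most 32 bits wide.

```c
#include <limits.h>
#include <math.h>   /* NAN / INFINITY for callers that want to probe the guard */

/* Hypothetical helper, not SciPy/cephes code. Stores (int)x in *out and
 * returns 1 only when the cast is defined: x is not NaN or infinite and
 * its truncated value fits in int. Assumes int is at most 32 bits wide,
 * so both limits below are exactly representable as double. */
static int checked_double_to_int(double x, int *out)
{
    const double lo = (double)INT_MIN - 1.0;
    const double hi = (double)INT_MAX + 1.0;

    /* Written positively on purpose: every comparison with NaN is false,
     * so NaN (and +/-inf) land in the rejection branch. */
    if (!(x > lo && x < hi))
        return 0;
    *out = (int)x;
    return 1;
}

/* Stand-in for a caller that uses the converted value as a loop upper
 * bound, as the quoted line does. Returns the iteration count, or -1 when
 * the bound is rejected (real code would report the error and return NaN). */
static long long bounded_iterations(int n, double e)
{
    /* floor() is left out to keep the block free of libm: negative values
     * are rejected below, and for x >= 0 the cast's truncation equals floor. */
    double x = (double)n * (1.0 - e);
    long long count = 0;
    int nn;

    if (x < 0.0 || !checked_double_to_int(x, &nn))
        return -1;
    /* 64-bit counter so v <= nn cannot overflow even when nn == INT_MAX */
    for (long long v = 0; v <= nn; v++)
        count++;
    return count;
}
```

The range test also covers the integer-overflow case the ticket mentions, since a finite value that does not fit in `int` is rejected by the same comparison.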