Incomplete comparison with function strncmp #193
Comments
Can anyone help confirm this issue? Thanks.

Yes, it looks like a bug to me too. We should indeed change to

I think the best solution will be to implement strcmp(str1, str2) != 0. I will do a PR on CVXOPT and also on my own fork (KVXOPT) with that change.

I just checked: this part of the code could be updated to use TypeCheck_Capsule. Having that, no string comparison is needed. You can check that umfpack.c has this logic already.
Code snippet
Description
Function:
solve/spsolve/diag/getfactor
Call-path:
1. solve (Python) -> solve -> strncmp
2. spsolve (Python) -> spsolve -> strncmp
3. diag (Python) -> diag -> strncmp
4. getfactor (Python) -> getfactor -> strncmp
WarningType: Incomplete comparison.
Our analysis tool reported four warnings about the incomplete comparison of strings as shown above.
When the comparison length is 14, the terminator would be ignored. Hence even if strncmp returns 0, the reality may not match expectations, specifically when the variable descr depends on external inputs (Python).
For example, with descr = "CHOLMOD FACTORMalicious", the comparison still returns 0.
Also seen in solve, spsolve, diag and getfactor
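The comparison described in the report, shown next to two stricter forms. This is an added example, not code from CVXOPT; the function names and the sample inputs are hypothetical, and only the string "CHOLMOD FACTOR", the length 14 and the "CHOLMOD FACTORMalicious" input come from the issue.

```c
#include <stdio.h>
#include <string.h>

/* Expected descriptor string, taken from the example in the report. */
#define FACTOR_DESCR "CHOLMOD FACTOR"

/* Check as reported: only the first 14 bytes are compared, so the
   terminating NUL of the expected string never takes part. */
static int check_prefix14(const char *descr)
{
    return descr != NULL && strncmp(descr, FACTOR_DESCR, 14) == 0;
}

/* Exact match: strcmp compares up to and including the terminator. */
static int check_exact(const char *descr)
{
    return descr != NULL && strcmp(descr, FACTOR_DESCR) == 0;
}

/* Same result while keeping strncmp: sizeof counts the NUL (15 bytes). */
static int check_bounded(const char *descr)
{
    return descr != NULL &&
           strncmp(descr, FACTOR_DESCR, sizeof FACTOR_DESCR) == 0;
}

int main(void)
{
    /* Constructed inputs; the second is the string from the report. */
    const char *samples[] = {
        "CHOLMOD FACTOR", "CHOLMOD FACTORMalicious", "CHOLMOD FACTO", "", NULL
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *s = samples[i];
        printf("%-26s prefix14=%d exact=%d bounded=%d\n",
               s ? s : "(null)",
               check_prefix14(s), check_exact(s), check_bounded(s));
    }
    return 0;
}
```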