Buffer overrun in cosmology.c
Running `--cosmology` with the GCC sanitizer enabled and it came across an overflow at line 781 of src/cosmology.c, i.e.:
```c
if (i_a != cosmology_table_length) {
  /* reads comoving_distance_interp_table[i_a - 1]: out of bounds when i_a == 0 */
  *scale = r_interp - c->comoving_distance_interp_table[i_a - 1];
  *scale /= c->comoving_distance_interp_table[i_a] -
            c->comoving_distance_interp_table[i_a - 1];
```
Turns out the issue is an underflow when `i_a == 0`, since we index by `i_a - 1`.
Applied a simple fix of:
```c
if (i_a < cosmology_table_length && i_a > 0) {
```
which should protect against over and underruns, but since I've no idea if this is a critical change, over to you.
(btw, sanitizer calls this an overflow to the left, hence the confusing description of underflow).
Edited by Peter W. Draper
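As an added illustration (not code from the issue or from the project itself), the interpolation step with the corrected guard in a self-contained C program over a constructed table; `find_interval`, `interp_scale`, `scale_from_distance` and the table values are hypothetical stand-ins for the real lookup.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for c->comoving_distance_interp_table: a short,
 * monotonically increasing table (hypothetical values, not the project's). */
#define TABLE_LENGTH 5
static const double comoving_table[TABLE_LENGTH] = {0.0, 1.0, 2.0, 3.0, 4.0};

/* Index of the first table entry >= r_interp, or TABLE_LENGTH if r_interp lies
 * beyond the last entry. Returns 0 when r_interp is at or below the first
 * entry, which is exactly the case the original guard did not cover. */
static size_t find_interval(const double *table, size_t len, double r_interp) {
  size_t i = 0;
  while (i < len && table[i] < r_interp) i++;
  return i;
}

/* The interpolation step from the issue, with the corrected guard.
 * Returns 1 and writes the fraction into *scale when i_a is a valid interval
 * index (1 <= i_a < len); returns 0 and leaves *scale untouched otherwise,
 * so neither table[i_a] nor table[i_a - 1] is ever read out of bounds. */
static int interp_scale(const double *table, size_t len, double r_interp,
                        size_t i_a, double *scale) {
  if (i_a < len && i_a > 0) {
    *scale = r_interp - table[i_a - 1];
    *scale /= table[i_a] - table[i_a - 1];
    return 1;
  }
  return 0;
}

/* Look up the interval for r_interp and interpolate; returns the status of
 * interp_scale so a caller can tell an in-range result from a rejected one. */
static int scale_from_distance(double r_interp, double *scale) {
  size_t i_a = find_interval(comoving_table, TABLE_LENGTH, r_interp);
  return interp_scale(comoving_table, TABLE_LENGTH, r_interp, i_a, scale);
}

int main(void) {
  double s = -1.0;
  printf("in range:    ok=%d scale=%g\n", scale_from_distance(2.5, &s), s);
  printf("below table: ok=%d (i_a == 0 rejected)\n", scale_from_distance(-0.5, &s));
  printf("above table: ok=%d (i_a == len rejected)\n", scale_from_distance(9.0, &s));
  return 0;
}
```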