0028327: BSplCLib can cause memory corruption in degenerated cases

The code of the methods BSplCLib::KnotForm and BSplCLib::MultForm has been made safe by giving up using of address of array item for iteration on the Array1. Also the checking for degenerated case has been added to prevent out of bounds exception.

diff --git a/src/BSplCLib/BSplCLib.cxx b/src/BSplCLib/BSplCLib.cxx
index 3e4b68845cf97e0657e89a6df43b598cf6f5e06c..00f1e1815b810196fdda0eed3c52da39bf701b37 100644 (file)
--- a/src/BSplCLib/BSplCLib.cxx
+++ b/src/BSplCLib/BSplCLib.cxx
@@ -583,12 +583,14 @@ BSplCLib_KnotDistribution BSplCLib::KnotForm
    Standard_Real DU0,DU1,Ui,Uj,Eps0,val;
    BSplCLib_KnotDistribution  KForm = BSplCLib_Uniform;
 
-   Standard_Integer KLower = Knots.Lower();
-   const Standard_Real * pkn = &Knots(KLower);
-   pkn -= KLower;
-   Ui  = pkn[FromK1];
+   if (FromK1 + 1 > Knots.Upper())
+   {
+     return BSplCLib_Uniform;
+   }
+
+   Ui  = Knots(FromK1);
    if (Ui < 0) Ui = - Ui;
-   Uj  = pkn[FromK1 + 1];
+   Uj  = Knots(FromK1 + 1);
    if (Uj < 0) Uj = - Uj;
    DU0 = Uj - Ui;
    if (DU0 < 0) DU0 = - DU0;
@@ -596,10 +598,10 @@ BSplCLib_KnotDistribution BSplCLib::KnotForm
    Standard_Integer i = FromK1 + 1;
 
    while (KForm != BSplCLib_NonUniform && i < ToK2) {
-     Ui = pkn[i];      
+     Ui = Knots(i);
      if (Ui < 0) Ui = - Ui;
      i++;
-     Uj = pkn[i];
+     Uj = Knots(i);
      if (Uj < 0) Uj = - Uj;
      DU1 = Uj - Ui;
      if (DU1 < 0) DU1 = - DU1;
@@ -631,13 +633,15 @@ BSplCLib_MultDistribution BSplCLib::MultForm
     First = ToK2;
     Last  = FromK1;
   }
-  Standard_Integer MLower = Mults.Lower();
-  const Standard_Integer *pmu = &Mults(MLower);
-  pmu -= MLower;
-  Standard_Integer FirstMult = pmu[First];
+  if (First + 1 > Mults.Upper())
+  {
+    return BSplCLib_Constant;
+  }
+
+  Standard_Integer FirstMult = Mults(First);
   BSplCLib_MultDistribution MForm = BSplCLib_Constant;
   Standard_Integer i    = First + 1;
-  Standard_Integer Mult = pmu[i];
+  Standard_Integer Mult = Mults(i);
   
 //  while (MForm != BSplCLib_NonUniform && i <= Last) { ???????????JR????????
   while (MForm != BSplCLib_NonConstant && i <= Last) {
@@ -646,15 +650,15 @@ BSplCLib_MultDistribution BSplCLib::MultForm
     }
     else if (i == Last)  {
       if (MForm == BSplCLib_QuasiConstant) {
-       if (FirstMult != pmu[i])  MForm = BSplCLib_NonConstant;
+        if (FirstMult != Mults(i))  MForm = BSplCLib_NonConstant;
       }
       else {
-       if (Mult != pmu[i])       MForm = BSplCLib_NonConstant;
+        if (Mult != Mults(i))       MForm = BSplCLib_NonConstant;
       }
     }
     else {
-      if (Mult != pmu[i])         MForm = BSplCLib_NonConstant;
-      Mult = pmu[i];
+      if (Mult != Mults(i))         MForm = BSplCLib_NonConstant;
+      Mult = Mults(i);
     }
     i++;
   }