Invalid read size in cs_post_anisotropy_invariant, possible index error.

[deanrw]

In running valgrind to debug an unrelated issue, I noticed it returned the following, relating to the cs_post_anisotropy_invariant utility function.

==585844== Invalid read of size 8
==585844==    at 0x4B4FB74: cs_post_anisotropy_invariant (cs_post_util.c:780)
==585844==    by 0x12C0A2: cs_user_postprocess_values (cs_user_postprocess-profiles.c:904)
==585844==    by 0x4B4BE98: cs_post_time_step_output (cs_post.c:7844)
==585844==    by 0x4B4C070: cs_post_write_vars (cs_post.c:7932)
==585844==    by 0x4B4D674: cs_post_default_write_variables (cs_post_default.c:226)
==585844==    by 0x495EC5A: caltri_ (caltri.f90:1079)
==585844==    by 0x4860225: _run (cs_solver.c:511)
==585844==    by 0x4860558: main (cs_solver.c:779)
==585844==  Address 0x1e7ca150 is 0 bytes after a block of size 1,200 alloc'd
==585844==    at 0x48447A8: malloc (vg_replace_malloc.c:446)
==585844==    by 0x581D1C8: bft_mem_malloc (bft_mem.c:829)
==585844==    by 0x4B4F9E2: cs_post_anisotropy_invariant (cs_post_util.c:754)
==585844==    by 0x12C0A2: cs_user_postprocess_values (cs_user_postprocess-profiles.c:904)
==585844==    by 0x4B4BE98: cs_post_time_step_output (cs_post.c:7844)
==585844==    by 0x4B4C070: cs_post_write_vars (cs_post.c:7932)
==585844==    by 0x4B4D674: cs_post_default_write_variables (cs_post_default.c:226)
==585844==    by 0x495EC5A: caltri_ (caltri.f90:1079)
==585844==    by 0x4860225: _run (cs_solver.c:511)
==585844==    by 0x4860558: main (cs_solver.c:779)

I believe this arises because the wrong array index is used to access values of the rij array on these lines:

code_saturne/src/base/cs_post_util.cpp

Lines 788 to 800 in 45e337c

	for (cs_lnum_t iloc = 0; iloc < n_cells; iloc++) {
	cs_lnum_t iel = cell_ids[iloc];
	cs_real_t xk = 0.5*(rij[iel][0]+rij[iel][1]+rij[iel][2]);
	cs_real_t bij[3][3];
	cs_real_t xeta, xksi;
	bij[0][0] = rij[iel][0]/(2.0*xk) - d1s3;
	bij[1][1] = rij[iel][1]/(2.0*xk) - d1s3;
	bij[2][2] = rij[iel][2]/(2.0*xk) - d1s3;
	bij[0][1] = rij[iel][3]/(2.0*xk);
	bij[1][2] = rij[iel][4]/(2.0*xk);
	bij[0][2] = rij[iel][5]/(2.0*xk);

Rather than iel, shouldn't it be iloc? The rij array is allocated to be n_cells big, where n_cells is a value passed into the function along with a cell_ids list. Thus the indexing used here is not that of the parent mesh. Indeed, the rij array is filled by indexing across i=0; i < n_cells in the preceding code.

(Note this valgrind report is from runs on v8.0.3, but I note the code for this function hasn't changed in the master branch)

Best regards,

Dean

[YvanFournier]

Hello,

Yes, thanks for reporting this.

I just fixed this in the master branch (pushed a few minutes ago). I'll merge the fix to the v8.2 and v8.0 branches also.