Description
Commit ac3d06a introduced a fix when exporting groebner bases in export_results_from_groebner_qq.
However, when calling export_groebner_qq from the C++ interface I wrote for the TRIP language, I get a buffer overflow in export_results_from_groebner_qq.
The problem is very clear; it appears at the following line:

```
export_results_from_groebner_qq /tmp/msolve/src/msolve/lifting-gb.c:1687
export_groebner_qq /tmp/msolve/src/msolve/lifting-gb.c:1988
```
Indeed, we write in array evi at indexes 0, 1 and 2 because ht->evl = 3 but evi is only of size 2, because ht->nv = 2.
```c
len_t evl = ht->evl;
int *evi = (int *)malloc((unsigned long)ht->nv * sizeof(int));
if (ebl == 0) {
    for (len_t i = 1; i <= evl; ++i) {
        evi[i-1] = i;
    }
}
```

Looking at msolve/src/neogb/hash.c, we can see in initialize_basis_hash_table that ht->evl = ht->nv + 1, so something is wrong somewhere.
Also, since export_groebner_qq is only used in the Julia package AlgebraicSolving.jl, I cannot reproduce the problem with msolve only. However, it seems that the issue occurs pretty often. My test was with the following system:

```
x, y
0,
x^2 + y^2 - 25,
x^3 - 5*y^2 + 1
```
For now, I am doing this call, which is inspired by what AlgebraicSolving.jl is doing:

```
export_groebner_qq (&malloc, bld, blen, bexp, bcf, lens, exps, cfs, field_char=0, mon_order=0, elim_block_len=0,
nr_vars=2, nr_gens=2, ht_size=17, nr_threads=1, max_nr_pairs=0, reset_ht=0, la_option=2, reduce_gb=1, pbm_file=0, truncate_lifting=0, info_level=0)
```
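As an added, self-contained C illustration (not msolve's code and not the fix the project adopted), the allocation/index mismatch described in the report next to a guarded variant: `evi_fits` makes the size check explicit, and `fill_evi_checked` sizes the buffer by the loop bound rather than by `nv`. The `ht_t` struct, `len_t` typedef and the assumption that the intended contents are `1..evl` are stand-ins constructed for this example.

```c
#include <stdlib.h>
#include <stddef.h>
#include <stdio.h>

/* Assumption: len_t stands in for msolve's integer type of that name. */
typedef long len_t;

/* Constructed stand-in for the two hash-table fields the report mentions.
 * The report notes that initialize_basis_hash_table sets evl = nv + 1. */
typedef struct {
    len_t nv;   /* number of variables */
    len_t evl;  /* exponent-vector length */
} ht_t;

/* Returns 1 when a buffer of nv ints can hold the evl writes of the loop,
 * 0 when it cannot (the situation in the report: nv = 2, evl = 3, so the
 * write to evi[2] lands one past the end of a 2-element buffer). */
int evi_fits(const ht_t *ht) {
    return ht->nv >= ht->evl;
}

/* Same loop as in the report, but the allocation is sized by the loop
 * bound (evl) instead of nv. Assumption: the intended contents are 1..evl.
 * Returns NULL on invalid sizes or allocation failure; *out_len receives
 * the number of elements written. */
int *fill_evi_checked(const ht_t *ht, size_t *out_len) {
    if (ht->evl <= 0 || ht->nv < 0) {
        return NULL;
    }
    size_t n = (size_t)ht->evl;
    int *evi = malloc(n * sizeof *evi);
    if (evi == NULL) {
        return NULL;
    }
    for (size_t i = 1; i <= n; ++i) {
        evi[i - 1] = (int)i;   /* every index written is < n */
    }
    if (out_len != NULL) {
        *out_len = n;
    }
    return evi;
}

int main(void) {
    ht_t ht = { .nv = 2, .evl = 3 };  /* constructed: the values from the report */
    printf("nv-sized buffer holds all evl writes: %s\n",
           evi_fits(&ht) ? "yes" : "no");
    size_t n = 0;
    int *evi = fill_evi_checked(&ht, &n);
    if (evi == NULL) {
        return 1;
    }
    for (size_t i = 0; i < n; ++i) {
        printf("evi[%zu] = %d\n", i, evi[i]);
    }
    free(evi);
    return 0;
}
```

Running the guarded variant under AddressSanitizer with the report's values produces no heap-buffer-overflow, whereas the original loop over an `nv`-sized buffer does; the check in `evi_fits` is what a test could assert on before the export path is reached.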