*Subject*: Re: [eigen] CholmodSupport.h in Eigen 3.1 alpha returns a mapped matrix then frees the storage being mapped.*From*: Douglas Bates <bates@xxxxxxxxxxxxx>*Date*: Wed, 7 Dec 2011 09:15:17 -0600

On Tue, Dec 6, 2011 at 6:43 PM, Christoph Hertzberg <chtz@xxxxxxxxxxxxxxxxxxxxxxxx> wrote: > On 07.12.2011 00:00, Douglas Bates wrote: >> >> I mentioned this once before but did not get around to creating an >> test case to show the problem. In CholmodSupport.h the internal >> _solve functions assign a mapped dense or sparse matrix to the dest >> reference and then free the storage that is mapped. >> >> For example, in the dense case the _solve function ends with >> >> >> dest = >> Matrix<Scalar,Dest::RowsAtCompileTime,Dest::ColsAtCompileTime>::Map(reinterpret_cast<Scalar*>(x_cd->x),b.rows(),b.cols()); >> cholmod_free_dense(&x_cd,&m_cholmod); > > > Yes, but that means the values of x_cd are copied to dest -- even if dest is > also a Map-type, operator= copies everything by value. This is not optimal, > but I don't see a critical problem with that. Though, maybe I'm missing > something? Thank you, Christoph. I should have realized that. >> One of the side-effects of cholmod_free_dense is to free the storage >> to which x_cd->x points. >> >> I think that the tests in eigen/unsupported/test/sparse_llt.cpp pass >> because the value is tested immediately and the freed storage has not >> been overwritten. >> >> I'm not exactly sure how to create a test case to show the problem. >> By default Cholmod uses malloc/free for dynamic storage and I'm not >> sure how this interacts with the C++ dynamic storage allocation for >> objects. I would like to ensure that the freed chunk of storage >> pointed to by x_cd->x is overwritten after the result has been >> returned but that involves knowing more about malloc, etc. than I do. > > > The easiest way to test is to run the test with valgrind (assuming you run > linux), which would give you (at least) a warning as soon as freed memory is > accessed. Yes. Again, I should have realized that. Sorry for the noise. > You could also modify the _solve-function and overwrite the values in > x_cd->x immediately before cholmod_free_dense is called.

