diff --git a/CMakeLists.txt b/CMakeLists.txt index bb7677af43..5ee416fffe 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -5,7 +5,7 @@ set( CMAKE_ALLOW_LOOSE_LOOP_CONSTRUCTS TRUE ) # Define here the needed parameters set (OPENRAVE_VERSION_MAJOR 0) set (OPENRAVE_VERSION_MINOR 167) -set (OPENRAVE_VERSION_PATCH 12) +set (OPENRAVE_VERSION_PATCH 13) set (OPENRAVE_VERSION ${OPENRAVE_VERSION_MAJOR}.${OPENRAVE_VERSION_MINOR}.${OPENRAVE_VERSION_PATCH}) set (OPENRAVE_SOVERSION ${OPENRAVE_VERSION_MAJOR}.${OPENRAVE_VERSION_MINOR}) message(STATUS "Compiling OpenRAVE Version ${OPENRAVE_VERSION}, soversion=${OPENRAVE_SOVERSION}") diff --git a/docs/source/changelog.rst b/docs/source/changelog.rst index 9f7d18410f..69d7864d60 100644 --- a/docs/source/changelog.rst +++ b/docs/source/changelog.rst @@ -3,6 +3,11 @@ ChangeLog ######### +Version 0.167.13 +=============== + +- Fix potential bad memory access at `polyroots` function. + Version 0.167.12 =============== diff --git a/include/openrave/mathextra.h b/include/openrave/mathextra.h index badf6e79cc..9e1cd50bdc 100644 --- a/include/openrave/mathextra.h +++ b/include/openrave/mathextra.h @@ -1219,6 +1219,8 @@ template inline void polyroots(const IKReal* rawcoeffs, IKReal* rawroots, int& numroots) { using std::complex; + static_assert(D > 1, "D should be greater than 1. Solve linear equation to handle D==1 case"); // this function accesses roots[1] + BOOST_ASSERT(rawcoeffs[0] != 0); const IKReal tol = 128.0*std::numeric_limits::epsilon(); const IKReal tolsqrt = sqrt(std::numeric_limits::epsilon()); @@ -1466,7 +1468,9 @@ inline bool computequinticnextdiscretizedstep(const T* coeffs, const T step, con polyroots(&tempcoeffs[3], rawroots, numroots); } else if( tempcoeffs[4] != 0 ) { - polyroots(&tempcoeffs[4], rawroots, numroots); + // polyroots(&tempcoeffs[4], rawroots, numroots); // out-of-bound memory access + numroots = 1; + rawroots[0] = -tempcoeffs[5]/tempcoeffs[4]; } bool bFound = false; for( int i = 0; i < numroots; ++i ) { @@ -1512,7 +1516,7 @@ inline bool computecubicnextdiscretizedstep(const T* coeffs, const T step, const polyroots(&tempcoeffs[1], rawroots, numroots); } else if( tempcoeffs[2] != 0 ) { - // polyroots(&tempcoeffs[2], rawroots, numroots); + // polyroots(&tempcoeffs[2], rawroots, numroots); // out-of-bound memory access numroots = 1; rawroots[0] = -tempcoeffs[3]/tempcoeffs[2]; } diff --git a/src/libopenrave/planningutils.cpp b/src/libopenrave/planningutils.cpp index c47ef4e7b0..50a9db799c 100644 --- a/src/libopenrave/planningutils.cpp +++ b/src/libopenrave/planningutils.cpp @@ -4166,7 +4166,9 @@ int DynamicsCollisionConstraint::Check(const std::vector& q0, const std:: mathextra::polyroots(&_vrawcoeffs[1], &_vrawroots[0], numroots); } else if( _vrawcoeffs[2] != 0 ) { - mathextra::polyroots(&_vrawcoeffs[2], &_vrawroots[0], numroots); + // mathextra::polyroots(&_vrawcoeffs[2], &_vrawroots[0], numroots); // out-of-bound memory access + numroots = 1; + _vrawroots[0] = -_vrawcoeffs[3]/_vrawcoeffs[2]; } break; case IT_Quintic: @@ -4186,7 +4188,9 @@ int DynamicsCollisionConstraint::Check(const std::vector& q0, const std:: mathextra::polyroots(&_vrawcoeffs[3], &_vrawroots[0], numroots); } else if( _vrawcoeffs[4] != 0 ) { - mathextra::polyroots(&_vrawcoeffs[4], &_vrawroots[0], numroots); + // mathextra::polyroots(&_vrawcoeffs[4], &_vrawroots[0], numroots); // out-of-bound memory access + numroots = 1; + _vrawroots[0] = -_vrawcoeffs[5]/_vrawcoeffs[4]; } break; default: