Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

buffer overflow detected when adding 10 million or more columns #199

Open
Wert5 opened this issue Sep 27, 2022 · 2 comments
Open

buffer overflow detected when adding 10 million or more columns #199

Wert5 opened this issue Sep 27, 2022 · 2 comments

Comments

@Wert5
Copy link

Wert5 commented Sep 27, 2022

When adding the 10 millionth column to a CoinModel I get the following error message:
*** buffer overflow detected *** : ./solver terminated
A stack trace shows that the error occurs during CoinModel::addColumn(int, int const*, double const*, double, double, double, char const*, bool) () from /usr/lib/x86_64-linux-gnu/libCoinUtils.so.3
The next function on the stack trace was ___sprintf_chk which suggests that the problem is an overflow writing to a string.

Examining the code, I believe the issue is the format limitation of 7 characters for the number when creating a default name in addColumn. This makes sense because 10000000 is the first integer that requires 8 characters in a string.

CoinUtils/src/CoinModel.cpp

Lines 929 to 935 in ee7c023

if (name) {
columnName_.addHash(numberColumns_, name);
} else if (!noNames_) {
char name[9];
sprintf(name, "c%7.7d", numberColumns_);
columnName_.addHash(numberColumns_, name);
}

Increasing this limit from 7 characters to 10 characters would allow up to 9.999 * 10^9 = almost 10 billion variables, which is way more than anyone could practically solve.

Currently, I can work around this issue by setting noNames to true in the CoinModel constructor. I have confirmed that setting noNames to true prevents the error.

Although I understand that 10 million variables may be more variables than Coin was designed for, it solves in a reasonable time. My program, which uses Coin to solve 2 problems with over 10 million variables, finishes running in 12 minutes on my laptop.
@jjhforrest
Copy link
Contributor

Not wishing to disturb the code too much, I think the best thing to do is leave maximum at 8 characters when adding a row/column without a name. I will add a function to CoinUtils to create an 8 character name for a row or column. If >10000000 it will start using characters as well - this will easily allow up to 2**31 which is maximum number of rows/columns. In other places the coding is slightly different and may not have same bug - but if the error is found in other places we can just slot in that function.

@jjhforrest
Copy link
Contributor

Put change into master. The names are not elegant - I use a - z and pad out with 0.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jjhforrest @Wert5