Number: 659
Title: Seg fault due to bad array index in pathplan/cvt.c
Submitter: John Hinsdale
Date: Thu Mar 24 09:05:08 2005
Subsys: Neato
Version: 2.2
System: x86-Linux-2.4.20 (Debian)
Severity: critical
Problem:
I'm getting a seg fault near line 134 of pathplan/cvt.c:

    for (i = dad[config->N]; i != config->N + 1; i = dad[i])

In GDB (debugger) it is showing variable "i" taking on the value -1 ... this then causes the loop iteration step to attempt to access dad[-1], which seg faults.

I fixed it with this:
    for (i = dad[config->N]; i >= 0 && i != config->N + 1; i = dad[i])

I also applied this fix about seven lines down to a similar loop.

Hope this helps. Unfortunately I no longer have the input that generated the error, but I'm hoping you can figure out how it could have happened (is -1 a special case value for indexes in the dad[] array? -- if so perhaps it needs to be checked for here).
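The following is an added illustration of the guarded walk the submitter describes, written for this page; it is not code from Graphviz's pathplan/cvt.c. It assumes, as the quoted loop implies, that dad[] holds n+2 entries (indices 0..n+1), that the walk starts at dad[n], and that the index n+1 is the end-of-chain sentinel. The constructed arrays below show a well-formed chain, a chain containing a stray -1 (the submitter's crash), and a cycle, which the original loop would also never leave.

```c
#include <stdio.h>

/* Walk a parent-index chain the way the cvt.c loop does, but refuse to
 * follow an index outside 0..n+1 (the submitter's "i >= 0" guard, plus an
 * upper bound) and give up after max_path hops so a cyclic chain cannot
 * spin forever. Visited indices are written to path[].
 * Returns the number of hops, or -1 on an out-of-range index or a cycle. */
int walk_chain(const int *dad, int n, int *path, int max_path)
{
    int i, count = 0;

    for (i = dad[n]; i != n + 1; i = dad[i]) {
        if (i < 0 || i > n + 1)      /* would otherwise read dad[-1] etc. */
            return -1;
        if (count >= max_path)       /* chain longer than possible: a loop */
            return -1;
        path[count++] = i;
    }
    return count;
}

/* Up-front check of the whole array: every entry must be a legal index.
 * Returns 0 if dad[] is consistent, otherwise the first offending index. */
int check_dad(const int *dad, int n)
{
    int k;
    for (k = 0; k <= n + 1; k++)
        if (dad[k] < 0 || dad[k] > n + 1)
            return k;
    return 0;
}

/* Constructed data (assumption: n = 3, so indices 0..4, sentinel 4). */
enum { N = 3, SLOTS = N + 2 };

int demo_good(void)       /* dad[3]=1 -> dad[1]=0 -> dad[0]=4 (sentinel) */
{
    static const int dad[SLOTS] = { 4, 0, 4, 1, 4 };
    int path[SLOTS];
    return walk_chain(dad, N, path, SLOTS);   /* 2 hops: 1, 0 */
}

int demo_bad_index(void)  /* dad[1] = -1: the case in this bug report */
{
    static const int dad[SLOTS] = { 4, -1, 4, 1, 4 };
    int path[SLOTS];
    return walk_chain(dad, N, path, SLOTS);   /* guard trips: -1 */
}

int demo_cycle(void)      /* dad[1]=0, dad[0]=1: never reaches sentinel */
{
    static const int dad[SLOTS] = { 1, 0, 4, 1, 4 };
    int path[SLOTS];
    return walk_chain(dad, N, path, SLOTS);   /* hop limit trips: -1 */
}

int demo_check_bad(void)  /* check_dad reports the slot holding -1 */
{
    static const int dad[SLOTS] = { 4, -1, 4, 1, 4 };
    return check_dad(dad, N);
}

int main(void)
{
    printf("good chain:    %d hops\n", demo_good());
    printf("stray -1:      %d\n", demo_bad_index());
    printf("cycle:         %d\n", demo_cycle());
    printf("check_dad:     offending slot %d\n", demo_check_bad());
    return 0;
}
```

The guard alone only turns a crash into a quietly truncated result; as the maintainer's comment notes, a -1 in dad[] means the array was built wrongly upstream, so a check like check_dad() run right after dad[] is filled points at the real defect instead of hiding it.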
Comments:
[erg] As with bug 658, since i can never be -1, this is indicative of a much more serious problem. It may indeed be another version of 658. When the real fix of 658 is removed and the suggested fix is added, the 658 seg fault doesn't occur, nor does this one, but the output is definitely screwy, with a loop having 2 beziers.

I'm going to leave this open, but I'm guessing the fix for 658 also fixes this one.

[erg] I believe this has been fixed by bug 670. Without a test case, will never know.
Owner: erg
Status: Fixed (7 April 2005)