From 72b13f2c99df8a4d92c1b02c56ad4935ff341923 Mon Sep 17 00:00:00 2001
From: Stefan Vigerske
Date: Tue, 21 May 2024 10:26:59 +0700
Subject: [PATCH 1/2] avoid read of uninit memory when setting parent in SCIPrbtreeInsert

- SET_PARENT would try to preserve color of node, but if that hasn't been set yet, it would read uninitialized memory
---
 src/scip/rbtree.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/scip/rbtree.c b/src/scip/rbtree.c
index 37ee2562a6..520367657c 100644
--- a/src/scip/rbtree.c
+++ b/src/scip/rbtree.c
@@ -359,7 +359,11 @@ void SCIPrbtreeInsert_call(
    SCIP_RBTREENODE* node /**< node to insert into the tree */
    )
 {
-   SET_PARENT(node, parent);
+   /* we avoid SET_PARENT here, as this would read from uninitialized memory in an attempt to preserve the color of node */
+   node->parent = (uintptr_t)parent | RED;
+   node->child[LEFT] = NULL;
+   node->child[RIGHT] = NULL;
+
    if( parent == NULL )
       *root = node;
    else if( pos > 0 )
@@ -367,8 +371,5 @@ void SCIPrbtreeInsert_call(
    else
       parent->child[RIGHT] = node;
 
-   node->child[LEFT] = NULL;
-   node->child[RIGHT] = NULL;
-   MAKE_RED(node);
    rbInsertFixup(root, node);
 }

From 3cca264ab4ad8b06487a754a6a1b8b4195e0e277 Mon Sep 17 00:00:00 2001
From: Stefan Vigerske
Date: Wed, 22 May 2024 11:31:31 +0700
Subject: [PATCH 2/2] fix typo

---
 src/scip/rbtree.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/scip/rbtree.h b/src/scip/rbtree.h
index fe38eee2b0..38b1cf0a6c 100644
--- a/src/scip/rbtree.h
+++ b/src/scip/rbtree.h
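Review bot: The new `node->parent = (uintptr_t)parent | RED;` in the first hunk hard-codes the packed parent-pointer/color representation that SET_PARENT and MAKE_RED otherwise encapsulate, so a later change to how the color bit is stored now has a second site to update that the macros do not cover. Since the only reason to bypass SET_PARENT is that it reads the still-uninitialized color of `node`, a small macro placed next to SET_PARENT and MAKE_RED that writes parent and color in one store without reading `node->parent` (constructed name: `INIT_PARENT_RED(node, parent)`) would keep the layout knowledge in one place and let this line become `INIT_PARENT_RED(node, parent);`. The added explanatory comment is also much longer than the surrounding lines and would read better split across two lines, e.g. `/* do not use SET_PARENT: it preserves the color bit of node, which is` / `* still uninitialized at this point */`. The function's signature begins above the first hunk; the removals in the second hunk are the other half of the same reordering and need nothing further.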
@@ -61,7 +61,7 @@ struct SCIP_RBTreeNode
 */
 #define SCIP_RBTREE_HOOKS SCIP_RBTREENODE _rbtreenode
-/* convenience macros that automtically cast the given arguments to SCIP_RBTREENODE */
+/* convenience macros that automatically cast the given arguments to SCIP_RBTREENODE */
 #define SCIPrbtreeFirst(root) SCIPrbtreeFirst_call((SCIP_RBTREENODE*)(root))
 #define SCIPrbtreeLast(root) SCIPrbtreeLast_call((SCIP_RBTREENODE*)(root))
 #define SCIPrbtreeSuccessor(x) SCIPrbtreeSuccessor_call((SCIP_RBTREENODE*)(x))