Uploaded image for project: 'ROOT'
  1. ROOT
  2. ROOT-6706

Array overflow in TH1::Rebin

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: 5.34/21
    • Fix Version/s: None
    • Component/s: Core Libraries
    • Labels:
      None
    • Environment:

      Any OS

      Description

      On line 5985 of TH1.cxx the index oldbin+i can overflow the array oldBins. This happens consistently when all the 3 following conditions are verified at the same time:

      1) the newname argument is provided (namely a new histogram is created without overwriting the current one);

      2) the xbins argument is provided and is != 0 (namely a new variable bin size histogram is created);

      3) the new bins go beyond the upper edge of the last bin of the old histogram (e.g. the old histogram range is [0,100], the new histogram range is [0,150]).

      In such cases the conditional 5981-5982 is false even when oldbin+i > nbins (nbins is the size of the oldBins array).
      My proposed solution is to change line 5981 to if( (oldbin+i > nbins) ||.
      In this way the overflow of the array is always avoided.

        Attachments

          Activity

            People

            • Assignee:
              moneta Lorenzo Moneta
              Reporter:
              saiola Salvatore Aiola
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: