Potential security issue in src_c/math.c: Unchecked return from initialization function #196

Description

@monocle-ai

What is a Conditionally Uninitialized Variable? The return value of a function that is potentially used to initialize a local variable is not checked. Therefore, reading the local variable may result in undefined behavior.

1 instance of this defect was found in the following location:

Instance 1
File : src_c/math.c
Function: _scalar_product

tmp = (_scalar_product(self->coords, other_coords, self->dim) /

Code extract:

        PyErr_SetString(PyExc_ValueError, "can't use slerp with Zero-Vector");
        return NULL;
    }
    tmp = (_scalar_product(self->coords, other_coords, self->dim) / <------ HERE
           (length1 * length2));
    /* make sure tmp is in the range [-1:1] so acos won't return NaN */

How can I fix it?
Correct reference usage found in src_c/math.c at line 1422.

norm_length = _scalar_product(norm_coords, norm_coords, dim);

Code extract:

    if (!PySequence_AsVectorCoords(normal, norm_coords, dim))
        return 0;

    norm_length = _scalar_product(norm_coords, norm_coords, dim); <------ HERE

    if (norm_length < epsilon) {
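
To make the pattern behind this warning concrete, here is an added example (written for this page, not code from pygame's src_c/math.c, and the function names are hypothetical stand-ins). A "conditionally uninitialized variable" arises when an initializer reports success through its return value and writes its result through an output parameter only on success; if the caller ignores the status and reads the output anyway, it reads uninitialized memory on the failure path. The flagged slerp line does not have that shape: as the division on that line implies, `_scalar_product` returns a number by value, so `tmp` is always assigned. The quoted `if (!PySequence_AsVectorCoords(...)) return 0;` guard is the shape that does matter, and the example shows both the defective and the checked form of it:

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for _scalar_product: returns a double
 * unconditionally, so a local assigned from it is always initialised.
 * (Example code, not pygame's own.) */
static double scalar_product(const double *a, const double *b, size_t dim)
{
    double sum = 0.0;
    for (size_t i = 0; i < dim; i++)
        sum += a[i] * b[i];
    return sum;
}

/* Hypothetical initialiser of the kind the warning is really about: it
 * reports success in its return value and writes the output buffer only
 * on success, leaving it untouched on failure. */
static int sequence_as_coords(const double *src, size_t src_len,
                              double *dst, size_t dim)
{
    if (src == NULL || src_len != dim)
        return 0;
    for (size_t i = 0; i < dim; i++)
        dst[i] = src[i];
    return 1;
}

#define MAX_DIM 4

/* Defective pattern: the status from sequence_as_coords is discarded, so
 * on failure coords[] is read while uninitialised, which is undefined
 * behaviour. Kept for contrast only; never call it with input that can
 * fail. */
static double norm_length_unchecked(const double *src, size_t src_len, size_t dim)
{
    double coords[MAX_DIM];
    (void)sequence_as_coords(src, src_len, coords, dim);
    return scalar_product(coords, coords, dim);
}

/* Fixed pattern, mirroring the guard quoted from math.c: coords[] is read
 * only after the initialiser reported success. Returns 1 and writes *out
 * on success, 0 otherwise (and *out is then never touched). */
static int norm_length_checked(const double *src, size_t src_len, size_t dim,
                               double *out)
{
    double coords[MAX_DIM];
    if (dim > MAX_DIM || !sequence_as_coords(src, src_len, coords, dim))
        return 0;
    *out = scalar_product(coords, coords, dim);
    return 1;
}

/* Equivalent of the flagged slerp line. Every operand is either returned
 * unconditionally or passed in, so tmp is always initialised; the real
 * hazards here are a zero length (division by zero) and rounding pushing
 * the cosine outside [-1, 1], which the clamp handles. Returns 0 on a
 * zero-length vector, 1 otherwise. */
static int slerp_cos(const double *a, const double *b, size_t dim,
                     double length1, double length2, double *out)
{
    double tmp;
    if (length1 == 0.0 || length2 == 0.0)
        return 0;
    tmp = scalar_product(a, b, dim) / (length1 * length2);
    if (tmp < -1.0) tmp = -1.0;
    if (tmp > 1.0) tmp = 1.0;
    *out = tmp;
    return 1;
}

int main(void)
{
    /* Constructed sample input. */
    double a[] = {3.0, 4.0}, b[] = {4.0, 3.0}, len, c;
    if (norm_length_checked(a, 2, 2, &len))
        printf("|a|^2 = %g\n", len);
    if (!norm_length_checked(a, 3, 2, &len))
        printf("rejected: length mismatch, coords never read\n");
    if (slerp_cos(a, b, 2, 5.0, 5.0, &c))
        printf("cos(angle) = %g\n", c);
    printf("unchecked, valid input only: %g\n", norm_length_unchecked(a, 2, 2));
    return 0;
}
```

The practical check when triaging this class of report is therefore: does the called function return the value itself, or a status plus an out-parameter? Only the second shape can leave the caller's variable uninitialized, and the fix is the early return shown in `norm_length_checked`, not a change to the by-value assignment.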
