Opened 9 years ago

Closed 9 years ago

#90 closed defect (fixed)

Bug in factorSparseSmall (CoinFactorization2.cpp)

Reported by: sssiii Owned by: tkr
Priority: minor Component: component1
Version: 2.4.0 Keywords:
Cc:

Description

This is actually a CoinUtils? bug, but I did not find a bug report link on the respective page, so I am using the Cbc page.

My program crashed, so I ran valgrind and found out that there seems to be a problem with factorSparseSmall() in CoinFactorization2.cpp. You can find the relevant valgrind output below. I will trace the bug myself, but cannot say if I will find it.

Here the output:

==598== Invalid write of size 8 ==598== at 0x5A2103: CoinFactorization::factorSparseSmall() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x59DF2E: CoinFactorization::factor() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x69DBF5: ClpFactorization::factorize(ClpSimplex?*, int, bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x750A4E: ClpSimplex::internalFactorize(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x734734: ClpSimplexDual::statusOfProblemInDual(int&, int, double*, ClpDataSave?&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x736CDE: ClpSimplexDual::fastDual(bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x7F5BA2: OsiClpSolverInterface::solveFromHotStart() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8AE0AE: CbcNode::chooseDynamicBranch(CbcModel?*, CbcNode?*, OsiSolverBranch?*&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x898D92: CbcModel::chooseBranch(CbcNode?*&, int, CbcNode?*, OsiCuts?&, bool&, CoinWarmStartBasis?*, double const*, double const*, OsiSolverBranch?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A0189: CbcModel::doOneNode(CbcModel?*, CbcNode?*&, CbcNode?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A3AA7: CbcModel::branchAndBound(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x4280F4: lp_joint_histogram_segmentation(Math2D::Matrix<unsigned> const&, double, unsigned, Math2D::Matrix<unsigned>&) (lp_segmentation.cc:2125) ==598== Address 0x16085a38 is 0 bytes after a block of size 4,415,504 alloc'd ==598== at 0x4C2492C: operator new[](unsigned long) (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so) ==598== by 0x5B6885: CoinArrayWithLength::conditionalNew(long) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x596942: CoinFactorization::getAreas(int, int, int, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x69D8D1: ClpFactorization::factorize(ClpSimplex?*, int, bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x750A4E: ClpSimplex::internalFactorize(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x734734: ClpSimplexDual::statusOfProblemInDual(int&, int, double*, ClpDataSave?&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x736CDE: ClpSimplexDual::fastDual(bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x7F5BA2: OsiClpSolverInterface::solveFromHotStart() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8AE0AE: CbcNode::chooseDynamicBranch(CbcModel?*, CbcNode?*, OsiSolverBranch?*&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x898D92: CbcModel::chooseBranch(CbcNode?*&, int, CbcNode?*, OsiCuts?&, bool&, CoinWarmStartBasis?*, double const*, double const*, OsiSolverBranch?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A0189: CbcModel::doOneNode(CbcModel?*, CbcNode?*&, CbcNode?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A3AA7: CbcModel::branchAndBound(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== ==598== Invalid write of size 4 ==598== at 0x5A210A: CoinFactorization::factorSparseSmall() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x59DF2E: CoinFactorization::factor() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x69DBF5: ClpFactorization::factorize(ClpSimplex?*, int, bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x750A4E: ClpSimplex::internalFactorize(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x734734: ClpSimplexDual::statusOfProblemInDual(int&, int, double*, ClpDataSave?&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x736CDE: ClpSimplexDual::fastDual(bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x7F5BA2: OsiClpSolverInterface::solveFromHotStart() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8AE0AE: CbcNode::chooseDynamicBranch(CbcModel?*, CbcNode?*, OsiSolverBranch?*&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x898D92: CbcModel::chooseBranch(CbcNode?*&, int, CbcNode?*, OsiCuts?&, bool&, CoinWarmStartBasis?*, double const*, double const*, OsiSolverBranch?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A0189: CbcModel::doOneNode(CbcModel?*, CbcNode?*&, CbcNode?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A3AA7: CbcModel::branchAndBound(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x4280F4: lp_joint_histogram_segmentation(Math2D::Matrix<unsigned> const&, double, unsigned, Math2D::Matrix<unsigned>&) (lp_segmentation.cc:2125) ==598== Address 0x16973038 is 0 bytes after a block of size 2,207,752 alloc'd ==598== at 0x4C2492C: operator new[](unsigned long) (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so) ==598== by 0x5B6885: CoinArrayWithLength::conditionalNew(long) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x596969: CoinFactorization::getAreas(int, int, int, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x69D8D1: ClpFactorization::factorize(ClpSimplex?*, int, bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x750A4E: ClpSimplex::internalFactorize(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x734734: ClpSimplexDual::statusOfProblemInDual(int&, int, double*, ClpDataSave?&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x736CDE: ClpSimplexDual::fastDual(bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x7F5BA2: OsiClpSolverInterface::solveFromHotStart() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8AE0AE: CbcNode::chooseDynamicBranch(CbcModel?*, CbcNode?*, OsiSolverBranch?*&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x898D92: CbcModel::chooseBranch(CbcNode?*&, int, CbcNode?*, OsiCuts?&, bool&, CoinWarmStartBasis?*, double const*, double const*, OsiSolverBranch?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A0189: CbcModel::doOneNode(CbcModel?*, CbcNode?*&, CbcNode?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A3AA7: CbcModel::branchAndBound(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== ==598== Invalid read of size 4 ==598== at 0x5A2462: CoinFactorization::factorSparseSmall() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x59DF2E: CoinFactorization::factor() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x69DBF5: ClpFactorization::factorize(ClpSimplex?*, int, bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x750A4E: ClpSimplex::internalFactorize(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x734734: ClpSimplexDual::statusOfProblemInDual(int&, int, double*, ClpDataSave?&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x736CDE: ClpSimplexDual::fastDual(bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x7F5BA2: OsiClpSolverInterface::solveFromHotStart() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8AE0AE: CbcNode::chooseDynamicBranch(CbcModel?*, CbcNode?*, OsiSolverBranch?*&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x898D92: CbcModel::chooseBranch(CbcNode?*&, int, CbcNode?*, OsiCuts?&, bool&, CoinWarmStartBasis?*, double const*, double const*, OsiSolverBranch?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A0189: CbcModel::doOneNode(CbcModel?*, CbcNode?*&, CbcNode?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A3AA7: CbcModel::branchAndBound(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x4280F4: lp_joint_histogram_segmentation(Math2D::Matrix<unsigned> const&, double, unsigned, Math2D::Matrix<unsigned>&) (lp_segmentation.cc:2125) ==598== Address 0x16973038 is 0 bytes after a block of size 2,207,752 alloc'd ==598== at 0x4C2492C: operator new[](unsigned long) (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so) ==598== by 0x5B6885: CoinArrayWithLength::conditionalNew(long) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x596969: CoinFactorization::getAreas(int, int, int, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x69D8D1: ClpFactorization::factorize(ClpSimplex?*, int, bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x750A4E: ClpSimplex::internalFactorize(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x734734: ClpSimplexDual::statusOfProblemInDual(int&, int, double*, ClpDataSave?&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x736CDE: ClpSimplexDual::fastDual(bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x7F5BA2: OsiClpSolverInterface::solveFromHotStart() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8AE0AE: CbcNode::chooseDynamicBranch(CbcModel?*, CbcNode?*, OsiSolverBranch?*&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x898D92: CbcModel::chooseBranch(CbcNode?*&, int, CbcNode?*, OsiCuts?&, bool&, CoinWarmStartBasis?*, double const*, double const*, OsiSolverBranch?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A0189: CbcModel::doOneNode(CbcModel?*, CbcNode?*&, CbcNode?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A3AA7: CbcModel::branchAndBound(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== ==598== Invalid read of size 8 ==598== at 0x5A246A: CoinFactorization::factorSparseSmall() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x59DF2E: CoinFactorization::factor() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x69DBF5: ClpFactorization::factorize(ClpSimplex?*, int, bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x750A4E: ClpSimplex::internalFactorize(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x734734: ClpSimplexDual::statusOfProblemInDual(int&, int, double*, ClpDataSave?&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x736CDE: ClpSimplexDual::fastDual(bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x7F5BA2: OsiClpSolverInterface::solveFromHotStart() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8AE0AE: CbcNode::chooseDynamicBranch(CbcModel?*, CbcNode?*, OsiSolverBranch?*&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x898D92: CbcModel::chooseBranch(CbcNode?*&, int, CbcNode?*, OsiCuts?&, bool&, CoinWarmStartBasis?*, double const*, double const*, OsiSolverBranch?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A0189: CbcModel::doOneNode(CbcModel?*, CbcNode?*&, CbcNode?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A3AA7: CbcModel::branchAndBound(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x4280F4: lp_joint_histogram_segmentation(Math2D::Matrix<unsigned> const&, double, unsigned, Math2D::Matrix<unsigned>&) (lp_segmentation.cc:2125) ==598== Address 0x16085a38 is 0 bytes after a block of size 4,415,504 alloc'd ==598== at 0x4C2492C: operator new[](unsigned long) (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so) ==598== by 0x5B6885: CoinArrayWithLength::conditionalNew(long) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x596942: CoinFactorization::getAreas(int, int, int, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x69D8D1: ClpFactorization::factorize(ClpSimplex?*, int, bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x750A4E: ClpSimplex::internalFactorize(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x734734: ClpSimplexDual::statusOfProblemInDual(int&, int, double*, ClpDataSave?&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x736CDE: ClpSimplexDual::fastDual(bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x7F5BA2: OsiClpSolverInterface::solveFromHotStart() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8AE0AE: CbcNode::chooseDynamicBranch(CbcModel?*, CbcNode?*, OsiSolverBranch?*&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x898D92: CbcModel::chooseBranch(CbcNode?*&, int, CbcNode?*, OsiCuts?&, bool&, CoinWarmStartBasis?*, double const*, double const*, OsiSolverBranch?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A0189: CbcModel::doOneNode(CbcModel?*, CbcNode?*&, CbcNode?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A3AA7: CbcModel::branchAndBound(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== ==598== Invalid read of size 8 ==598== at 0x5A2266: CoinFactorization::factorSparseSmall() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x59DF2E: CoinFactorization::factor() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x69DBF5: ClpFactorization::factorize(ClpSimplex?*, int, bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x750A4E: ClpSimplex::internalFactorize(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x734734: ClpSimplexDual::statusOfProblemInDual(int&, int, double*, ClpDataSave?&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x736CDE: ClpSimplexDual::fastDual(bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x7F5BA2: OsiClpSolverInterface::solveFromHotStart() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8AE0AE: CbcNode::chooseDynamicBranch(CbcModel?*, CbcNode?*, OsiSolverBranch?*&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x898D92: CbcModel::chooseBranch(CbcNode?*&, int, CbcNode?*, OsiCuts?&, bool&, CoinWarmStartBasis?*, double const*, double const*, OsiSolverBranch?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A0189: CbcModel::doOneNode(CbcModel?*, CbcNode?*&, CbcNode?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A3AA7: CbcModel::branchAndBound(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x4280F4: lp_joint_histogram_segmentation(Math2D::Matrix<unsigned> const&, double, unsigned, Math2D::Matrix<unsigned>&) (lp_segmentation.cc:2125) ==598== Address 0x16085a38 is 0 bytes after a block of size 4,415,504 alloc'd ==598== at 0x4C2492C: operator new[](unsigned long) (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so) ==598== by 0x5B6885: CoinArrayWithLength::conditionalNew(long) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x596942: CoinFactorization::getAreas(int, int, int, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x69D8D1: ClpFactorization::factorize(ClpSimplex?*, int, bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x750A4E: ClpSimplex::internalFactorize(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x734734: ClpSimplexDual::statusOfProblemInDual(int&, int, double*, ClpDataSave?&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x736CDE: ClpSimplexDual::fastDual(bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x7F5BA2: OsiClpSolverInterface::solveFromHotStart() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8AE0AE: CbcNode::chooseDynamicBranch(CbcModel?*, CbcNode?*, OsiSolverBranch?*&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x898D92: CbcModel::chooseBranch(CbcNode?*&, int, CbcNode?*, OsiCuts?&, bool&, CoinWarmStartBasis?*, double const*, double const*, OsiSolverBranch?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A0189: CbcModel::doOneNode(CbcModel?*, CbcNode?*&, CbcNode?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A3AA7: CbcModel::branchAndBound(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== ==598== Invalid read of size 4 ==598== at 0x5A2269: CoinFactorization::factorSparseSmall() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x59DF2E: CoinFactorization::factor() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x69DBF5: ClpFactorization::factorize(ClpSimplex?*, int, bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x750A4E: ClpSimplex::internalFactorize(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x734734: ClpSimplexDual::statusOfProblemInDual(int&, int, double*, ClpDataSave?&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x736CDE: ClpSimplexDual::fastDual(bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x7F5BA2: OsiClpSolverInterface::solveFromHotStart() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8AE0AE: CbcNode::chooseDynamicBranch(CbcModel?*, CbcNode?*, OsiSolverBranch?*&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x898D92: CbcModel::chooseBranch(CbcNode?*&, int, CbcNode?*, OsiCuts?&, bool&, CoinWarmStartBasis?*, double const*, double const*, OsiSolverBranch?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A0189: CbcModel::doOneNode(CbcModel?*, CbcNode?*&, CbcNode?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A3AA7: CbcModel::branchAndBound(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x4280F4: lp_joint_histogram_segmentation(Math2D::Matrix<unsigned> const&, double, unsigned, Math2D::Matrix<unsigned>&) (lp_segmentation.cc:2125) ==598== Address 0x16973038 is 0 bytes after a block of size 2,207,752 alloc'd ==598== at 0x4C2492C: operator new[](unsigned long) (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so) ==598== by 0x5B6885: CoinArrayWithLength::conditionalNew(long) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x596969: CoinFactorization::getAreas(int, int, int, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x69D8D1: ClpFactorization::factorize(ClpSimplex?*, int, bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x750A4E: ClpSimplex::internalFactorize(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x734734: ClpSimplexDual::statusOfProblemInDual(int&, int, double*, ClpDataSave?&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x736CDE: ClpSimplexDual::fastDual(bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x7F5BA2: OsiClpSolverInterface::solveFromHotStart() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8AE0AE: CbcNode::chooseDynamicBranch(CbcModel?*, CbcNode?*, OsiSolverBranch?*&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x898D92: CbcModel::chooseBranch(CbcNode?*&, int, CbcNode?*, OsiCuts?&, bool&, CoinWarmStartBasis?*, double const*, double const*, OsiSolverBranch?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A0189: CbcModel::doOneNode(CbcModel?*, CbcNode?*&, CbcNode?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A3AA7: CbcModel::branchAndBound(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== ==598== Invalid write of size 8 ==598== at 0x5A2278: CoinFactorization::factorSparseSmall() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x59DF2E: CoinFactorization::factor() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x69DBF5: ClpFactorization::factorize(ClpSimplex?*, int, bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x750A4E: ClpSimplex::internalFactorize(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x734734: ClpSimplexDual::statusOfProblemInDual(int&, int, double*, ClpDataSave?&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x736CDE: ClpSimplexDual::fastDual(bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x7F5BA2: OsiClpSolverInterface::solveFromHotStart() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8AE0AE: CbcNode::chooseDynamicBranch(CbcModel?*, CbcNode?*, OsiSolverBranch?*&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x898D92: CbcModel::chooseBranch(CbcNode?*&, int, CbcNode?*, OsiCuts?&, bool&, CoinWarmStartBasis?*, double const*, double const*, OsiSolverBranch?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A0189: CbcModel::doOneNode(CbcModel?*, CbcNode?*&, CbcNode?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A3AA7: CbcModel::branchAndBound(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x4280F4: lp_joint_histogram_segmentation(Math2D::Matrix<unsigned> const&, double, unsigned, Math2D::Matrix<unsigned>&) (lp_segmentation.cc:2125) ==598== Address 0x16085a38 is 0 bytes after a block of size 4,415,504 alloc'd ==598== at 0x4C2492C: operator new[](unsigned long) (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so) ==598== by 0x5B6885: CoinArrayWithLength::conditionalNew(long) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x596942: CoinFactorization::getAreas(int, int, int, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x69D8D1: ClpFactorization::factorize(ClpSimplex?*, int, bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x750A4E: ClpSimplex::internalFactorize(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x734734: ClpSimplexDual::statusOfProblemInDual(int&, int, double*, ClpDataSave?&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x736CDE: ClpSimplexDual::fastDual(bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x7F5BA2: OsiClpSolverInterface::solveFromHotStart() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8AE0AE: CbcNode::chooseDynamicBranch(CbcModel?*, CbcNode?*, OsiSolverBranch?*&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x898D92: CbcModel::chooseBranch(CbcNode?*&, int, CbcNode?*, OsiCuts?&, bool&, CoinWarmStartBasis?*, double const*, double const*, OsiSolverBranch?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A0189: CbcModel::doOneNode(CbcModel?*, CbcNode?*&, CbcNode?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A3AA7: CbcModel::branchAndBound(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== ==598== Invalid write of size 4 ==598== at 0x5A2280: CoinFactorization::factorSparseSmall() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x59DF2E: CoinFactorization::factor() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x69DBF5: ClpFactorization::factorize(ClpSimplex?*, int, bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x750A4E: ClpSimplex::internalFactorize(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x734734: ClpSimplexDual::statusOfProblemInDual(int&, int, double*, ClpDataSave?&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x736CDE: ClpSimplexDual::fastDual(bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x7F5BA2: OsiClpSolverInterface::solveFromHotStart() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8AE0AE: CbcNode::chooseDynamicBranch(CbcModel?*, CbcNode?*, OsiSolverBranch?*&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x898D92: CbcModel::chooseBranch(CbcNode?*&, int, CbcNode?*, OsiCuts?&, bool&, CoinWarmStartBasis?*, double const*, double const*, OsiSolverBranch?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A0189: CbcModel::doOneNode(CbcModel?*, CbcNode?*&, CbcNode?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A3AA7: CbcModel::branchAndBound(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x4280F4: lp_joint_histogram_segmentation(Math2D::Matrix<unsigned> const&, double, unsigned, Math2D::Matrix<unsigned>&) (lp_segmentation.cc:2125) ==598== Address 0x16973038 is 0 bytes after a block of size 2,207,752 alloc'd ==598== at 0x4C2492C: operator new[](unsigned long) (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so) ==598== by 0x5B6885: CoinArrayWithLength::conditionalNew(long) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x596969: CoinFactorization::getAreas(int, int, int, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x69D8D1: ClpFactorization::factorize(ClpSimplex?*, int, bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x750A4E: ClpSimplex::internalFactorize(int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x734734: ClpSimplexDual::statusOfProblemInDual(int&, int, double*, ClpDataSave?&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x736CDE: ClpSimplexDual::fastDual(bool) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x7F5BA2: OsiClpSolverInterface::solveFromHotStart() (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8AE0AE: CbcNode::chooseDynamicBranch(CbcModel?*, CbcNode?*, OsiSolverBranch?*&, int) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x898D92: CbcModel::chooseBranch(CbcNode?*&, int, CbcNode?*, OsiCuts?&, bool&, CoinWarmStartBasis?*, double const*, double const*, OsiSolverBranch?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A0189: CbcModel::doOneNode(CbcModel?*, CbcNode?*&, CbcNode?*&) (in /home/tosch/bin/lpseg.debug.L64) ==598== by 0x8A3AA7: CbcModel::branchAndBound(int) (in /home/tosch/bin/lpseg.debug.L64)

Change History (10)

comment:1 Changed 9 years ago by tkr

Can you try again to file this on the CoinUtils? bug tracker? Perhaps you were not logged in? I just checked and there is a "New Ticket" button there when you are logged in. If not, can you provide us with some details on that? We should fix that problem, too.

comment:2 Changed 9 years ago by tkr

  • Resolution set to invalid
  • Status changed from new to closed

comment:3 follow-up: Changed 9 years ago by tkr

  • Priority changed from major to minor
  • Resolution invalid deleted
  • Status changed from closed to reopened

comment:4 Changed 9 years ago by tkr

Actually, it does look like something maybe appropriate to file here. Can you provide a way of duplicating the bug? It would help to know the version of Cbc you are using (set it below), the platform, compiler, etc., and also if you could attach the instance you were solving that would help.

comment:5 in reply to: ↑ 3 Changed 9 years ago by sssiii

Replying to tkr:

The bug has moved to CoinUtils? now, I managed to file it there (but I still think there should be a "report a bug" link on that page, too. Not everyone knows about the ticketing system).

Platform: 64-Bit Linux. Compiler: g++ 4.4.x (I tried several versions)

I have some new information, but will report that in the CoinUtils? system.

Also, ticket #90 and #91 are really identical. I clicked on cancel while creating the first ticket, because I wanted to add some text to the message.

It may be possible to provide all relevant source code, but that is not solely my decision and may take a while. I hope to find out more myself in the meantime (-> see the CoinUtils? system)

comment:6 Changed 9 years ago by tkr

  • Owner changed from somebody to tkr
  • Status changed from reopened to new

Just for complete information, this bug is related to the CoinUtils ticket 62. I have removed #91 as a duplicate. I also added a "report a bug" link to the CoinUtils wiki. Sorry, I just didn't realize why you were having trouble. It makes sense now. I still don't know what version of Cbc you're using though. Can you change it below?

comment:7 Changed 9 years ago by tkr

  • Status changed from new to assigned
  • Version set to 2.4.0

Never mind about the version, I saw in the bug report for ticket #91 that you are using Cbc 2.4.0.

comment:8 Changed 9 years ago by sssiii

Having looked deeper into the code, I am no longer sure that it is a CoinUtils? bug. It might be a Clp bug or even a Cbc bug. The problem is just that the size of elementU_ and indexRowU_ is reported as zero. Hence the pivot() routine cannot itself check if it is writing to not allocated memory. I would very much appreciate comments on the code as to where the size of these vectors is determined and stored.

comment:9 Changed 9 years ago by sssiii

I think this can be closed now. See CoinUtils? ticket #62.

comment:10 Changed 9 years ago by tkr

  • Resolution set to fixed
  • Status changed from assigned to closed
Note: See TracTickets for help on using tickets.