Skip to content

[Code scan] Reject one-past angular momentum indices in TwoCenterTable #7552

Description

@njzjz

This issue is a result of a Codex global repository scan.

TwoCenterTable::is_present() bounds-checks the final angular momentum index with l <= index_map_.shape().dim_size(6). The table is allocated with length bra.lmax() + ket.lmax() + 1, so valid indices are 0..dim_size(6)-1. Passing l == dim_size(6) can therefore call index_map_.get_value(...) one past the allocated final dimension.

Allocation:

// index the table by generating a map from (itype1, l1, izeta1, itype2, l2, izeta2, l) to a row index
index_map_.resize({bra.ntype(),
bra.lmax() + 1,
bra.nzeta_max(),
ket.ntype(),
ket.lmax() + 1,
ket.nzeta_max(),
bra.lmax() + ket.lmax() + 1});
std::fill(index_map_.data<int>(), index_map_.data<int>() + index_map_.NumElements(), -1);

Bounds check:

bool TwoCenterTable::is_present(const int itype1,
const int l1,
const int izeta1,
const int itype2,
const int l2,
const int izeta2,
const int l) const
{
// The given indices map to an entry in the table if they fall within the bounds of index_map_ and
// the value of the entry in index_map_ is non-negative
return itype1 >= 0 && itype1 < index_map_.shape().dim_size(0) && l1 >= 0 && l1 < index_map_.shape().dim_size(1)
&& izeta1 >= 0 && izeta1 < index_map_.shape().dim_size(2) && itype2 >= 0
&& itype2 < index_map_.shape().dim_size(3) && l2 >= 0 && l2 < index_map_.shape().dim_size(4) && izeta2 >= 0
&& izeta2 < index_map_.shape().dim_size(5) && l >= 0 && l <= index_map_.shape().dim_size(6)
&& index_map_.get_value<int>(itype1, l1, izeta1, itype2, l2, izeta2, l) >= 0;

Relevant code:

index_map_.resize({...,
                   bra.lmax() + ket.lmax() + 1});
...
&& izeta2 < index_map_.shape().dim_size(5) && l >= 0 && l <= index_map_.shape().dim_size(6)
&& index_map_.get_value<int>(itype1, l1, izeta1, itype2, l2, izeta2, l) >= 0;

Suggested fix:

Use l < index_map_.shape().dim_size(6), matching the neighboring dimension checks, before indexing index_map_.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    Status
    Todo

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions