Skip to content

BUG: optimize/tnc/tnc.c: fix uninitialized xoffset when scale is provided #24209

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
stratakis wants to merge 1 commit into
base: main
Choose a base branch
from
Open

BUG: optimize/tnc/tnc.c: fix uninitialized xoffset when scale is provided #24209

stratakis wants to merge 1 commit into from
+2 −0

Conversation

@stratakis
Copy link
Contributor

@stratakis stratakis commented Dec 20, 2025

When calling tnc() with a non-NULL scale array but NULL offset array, and scale[i] != 0.0, the xoffset[i] element was never initialized.

The uninitialized value was then read in tnc_minimize() -> scalex().

Found via Coverity scan analysis.

@stratakis
BUG: optimize/tnc/tnc.c: fix uninitialized xoffset when scale is prov…
7125214 
…ided

When calling tnc() with a non-NULL scale array but NULL offset array,
and scale[i] != 0.0, the xoffset[i] element was never initialized.

The uninitialized value was then read in tnc_minimize() -> scalex().

Found via Coverity scan analysis.
@stratakis stratakis requested a review from andyfaff as a code owner December 20, 2025 02:50
@github-actions github-actions bot added scipy.optimize C/C++ Items related to the internal C/C++ code base defect A clear bug or issue that prevents SciPy from being installed or used as expected labels Dec 20, 2025
@stratakis
Copy link
Contributor Author

stratakis commented Dec 20, 2025

Also providing the coverity scan message:

 38. scipy-1.16.2/scipy/optimize/tnc/tnc.c:344:5: alloc_fn: Calling "malloc" which returns uninitialized memory.
39. scipy-1.16.2/scipy/optimize/tnc/tnc.c:344:5: assign: Assigning: "xoffset" = "malloc(8UL * n)", which points to uninitialized data.
65. scipy-1.16.2/scipy/optimize/tnc/tnc.c:407:5: uninit_use_in_call: Using uninitialized value "*xoffset" when calling "tnc_minimize".
76. scipy-1.16.2/scipy/optimize/tnc/tnc.c:593:5: read_value: Reading value "*xoffset" when calling "scalex".
79. scipy-1.16.2/scipy/optimize/tnc/tnc.c:465:13: read_value: Reading value "xoffset[i]".
   405|   
   406|       /* Optimisation */
   407|->     rc = tnc_minimize(n, x, f, g, function, state,
   408|                         xscale, xoffset, &fscale, low, up, messages,
   409|                         maxCGit, maxnfeval, nfeval, niter, eta, stepmx,

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@andyfaff andyfaff Awaiting requested review from andyfaff andyfaff is a code owner

Assignees

No one assigned

Labels

C/C++ Items related to the internal C/C++ code base defect A clear bug or issue that prevents SciPy from being installed or used as expected scipy.optimize

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@stratakis