[petsc-dev] [PATCH] Fix buffer overrun in threaded MatZeroEntries_SeqBAIJ

[Lawrence Mitchell]

rmap->trstarts counts rows in the matrix, but a->i only has nrows/bs
entries.  Fix start and end indexing by dividing by the block size.

While we're here, update the sizeof call to use MatScalar rather than
PetscScalar.
---
I think I sent this to petsc-maint a while ago, but either it didn't
make it, or slipped through the cracks.  Anyway, here goes again.  If
configured with threading, MatZeroEntries on a BAIJ Mat indexes too
far into a->i, the fix is just to divide appropriately by the block
size, I think.

I wonder if the sizeof change should instead be to:

sizeof(*(a->a))

so that one doesn't have to update again if the Mat datatype changes
in the future.

 src/mat/impls/baij/seq/baij2.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/mat/impls/baij/seq/baij2.c b/src/mat/impls/baij/seq/baij2.c
index aa1ed44..46d1cac 100644
--- a/src/mat/impls/baij/seq/baij2.c
+++ b/src/mat/impls/baij/seq/baij2.c
@@ -2709,10 +2709,10 @@ PetscErrorCode MatZeroEntries_SeqBAIJ_Kernel(PetscInt thread_id,Mat A)
   PetscInt       n,start,end;
   Mat_SeqBAIJ     *a = (Mat_SeqBAIJ*)A->data;
 
-  start = trstarts[thread_id];
-  end   = trstarts[thread_id+1];
+  start = trstarts[thread_id]/A->rmap->bs;
+  end   = trstarts[thread_id+1]/A->rmap->bs;
   n     = a->i[end] - a->i[start];
-  ierr  = PetscMemzero(a->a+a->bs2*a->i[start],a->bs2*n*sizeof(PetscScalar));CHKERRQ(ierr);
+  ierr  = PetscMemzero(a->a+a->bs2*a->i[start],a->bs2*n*sizeof(MatScalar));CHKERRQ(ierr);
   return 0;
 }
 
-- 
2.1.0