Dereferencing a null pointer for zero sized matrices

Submitted by Mmanu Chaturvedi

Assigned to Nobody

Link to original bugzilla bug (#1466)
Version: 3.3 (current stable)
Operating system: Linux

Description

If my assumption that Eigen allows multiplying zero sized matrices on purpose is correct, then there is a dereferencing of a null pointer happening which seems benign to start with, but I'm not sure if it is always so because the function getVectorMapper causing the trouble is used at other places as well.

To reproduce, here's the code (to be run with UBSan):
https://gist.github.com/m-chaturvedi/5eb211e43b55943d3e86f7f13cd429b3

I say benign because all the usages of the lhs0 variable, which is calling the function dereferencing a null pointer (BlasUtil.h:218 via BlasUtil.h:211 in version 3.3.3), are conditional and never run for zero sized matrices:

https://bitbucket.org/m-chaturvedi/eigen/src/208058b9ad3fd54caf66a9c9972cfe80d4f4bc13/Eigen/src/Core/products/GeneralMatrixVector.h?at=3.3.3&fileviewer=file-view-default#GeneralMatrixVector.h-582

I observed that the bug is not reproducible with the current default, perhaps because GeneralMatrixVector.h was totally revamped, but is reproducible with 3.3.4.

Edited by Eigen Bugzilla
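
The pattern described in the report, as an added example that is not part of the original report and not Eigen's source: a simplified column-major mapper in which taking the address of an element reference sits next to a form that uses pointer arithmetic only. The names `Mapper`, `column_unchecked`, `column_checked` and `matvec` are hypothetical, and the example assumes the flagged code takes the address of an element reference reached through a null data pointer.

```cpp
#include <cstddef>
#include <vector>

// Simplified model of a column-major data mapper (hypothetical, not Eigen code).
struct Mapper {
    const double* data;      // null when the operand has zero rows or columns
    std::ptrdiff_t stride;   // distance between consecutive columns

    // Element access binds a reference to data[offset].
    const double& at(std::ptrdiff_t i, std::ptrdiff_t j) const {
        return data[i + j * stride];
    }

    // Risky form: &at(i, j) forms an lvalue through data. With data == nullptr
    // that is undefined behaviour even if the result is never read, which is
    // what a UBSan build reports.
    const double* column_unchecked(std::ptrdiff_t i, std::ptrdiff_t j) const {
        return &at(i, j);
    }

    // Hardened form: no lvalue is formed. A null base is passed through as
    // null, which is only meaningful for empty operands.
    const double* column_checked(std::ptrdiff_t i, std::ptrdiff_t j) const {
        if (data == nullptr) return nullptr;
        return data + (i + j * stride);
    }
};

// y = A * x for a column-major rows x cols matrix, using the hardened accessor.
// For zero-sized operands the loops that read through `col` never execute.
std::vector<double> matvec(const double* a, std::ptrdiff_t rows,
                           std::ptrdiff_t cols, const std::vector<double>& x) {
    std::vector<double> y(static_cast<std::size_t>(rows), 0.0);
    const Mapper lhs{a, rows};
    for (std::ptrdiff_t j = 0; j < cols; ++j) {
        const double* col = lhs.column_checked(0, j);
        for (std::ptrdiff_t i = 0; i < rows; ++i) {
            y[static_cast<std::size_t>(i)] += col[i] * x[static_cast<std::size_t>(j)];
        }
    }
    return y;
}
```

Compiling with `-fsanitize=undefined` and calling `column_unchecked(0, 0)` on a mapper whose `data` is null is the case a sanitizer flags; `column_checked` returns null for the same input without forming a reference.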