Package: r-cran-lpsolve Version: 5.6.15 Severity: normal Dear Maintainer,
It seems that there exits a potential Integer Overflow in src/mmio.c. in line 53, (53) if (mm_read_mtx_crd_size(f, &M, &N, &nz) !=0) ... (65) I = (int *) malloc(nz * sizeof(int)); (66) J = (int *) malloc(nz * sizeof(int)); in function mm_read_mtx_crd_size(FILE *f, int *M, int *N, int *nz ), in line 207, (207) if (sscanf(line, "%d %d %d", M, N, nz) >= 2) As a result, in line 65, variable nz is read from external source. If nz is large enough, multiplication may cause allocation to wrong value. -- System Information: Debian Release: 11.0 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 4.4.0-19041-Microsoft Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: unable to detect
