fix(graph): bounds-check vertex indices in insert_edge (#34)#37
Merged
Conversation
insert_edge wrote g->edges[source]/g->degree[source] (and the undirected mirror at [destination]) with no bounds check. edges[]/degree[] are fixed-size MAXV+1 arrays, so a vertex index outside the valid 1-indexed [1, MAXV] range — reachable from JS via the exported insertEdge() WASM API — writes past the end of the arrays, corrupting WASM linear memory. It also set number_vertices = max unconditionally, which would later drive build_csr to allocate and iterate out of bounds. Add a guard at the top of insert_edge (before the number_vertices update) rejecting any source/destination outside [1, MAXV], mirroring the Issue #9 fix in kruskal's insertadjver. Forwarding from insertEdge() in main.c is covered since it calls straight through to insert_edge. Adds two Unity regression tests (oversized and non-positive vertex ids); both fail red without the guard and pass green with it. Closes #34 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #34.
insert_edgeinsrc/sean/wasm/graph.cwroteg->edges[source],g->degree[source](and the undirected mirror atdestination) without any bounds check. Those arrays are fixed-sizeMAXV + 1(valid 1-indexed range[1, MAXV]), so a vertex index outside that range — reachable from JavaScript via the exportedinsertEdge()WASM API — writes past the end of the arrays and corrupts WASM linear memory. It also setnumber_vertices = maxunconditionally, which would later drivebuild_csrto allocate/iterate out of bounds.Fix
insert_edge(before thenumber_verticesupdate) rejecting anysource/destinationoutside[1, MAXV], with astderrmessage and early return.number_vertices = maxprevents an out-of-range index from poisoningbuild_csr's sizing/iteration.insertadjver. The publicinsertEdge()inmain.cforwards straight through toinsert_edge, so the single guard covers the WASM entry point.Tests
Two Unity regression tests in
test_graph.c:test_insert_edge_rejects_oversized_vertex— source/destination> MAXVtest_insert_edge_rejects_nonpositive_vertex— vertex0/ negativeBoth fail red without the guard (
number_verticesbecomes non-zero) and pass green with it. Verified locally:🤖 Generated with Claude Code