Fix #847: missing range checks in statespace_*.h files

[mhucka]

CodeQL scans flagged lines like 353 in lib/statespace_avx512.h, reporting that the use of offset m should follow the range check:

     while (rs[m] < csum && m < num_samples) {

In more detail:

The program contains an and-expression where the array access is defined before the range check. Consequently the array is accessed without any bounds checking. The range check does not protect the program from segmentation faults caused by attempts to read beyond the end of a buffer.

The same issue exists in the following files:

• statespace_basic.h
• statespace_sse.h
• statespace_avx512.h
• statespace_avx.h

[pavoljuhas]

There seems to be one more such case:

diff --git a/lib/statespace_cuda_kernels.h b/lib/statespace_cuda_kernels.h
index b54ebca..0bc4ba7 100644
--- a/lib/statespace_cuda_kernels.h
+++ b/lib/statespace_cuda_kernels.h
@@ -318,5 +318,5 @@ __global__ void SampleKernel(unsigned num_blocks,
         FP3 im = state[l + warp_size];
         csum += re * re + im * im;
-        while (rs[m] < csum && m < num_samples) {
+        while (m < num_samples && rs[m] < csum) {
           bitstrings[m++] = k0 + k;
         }

Otherwise LGTM.

[mhucka]

There seems to be one more such case:

diff --git a/lib/statespace_cuda_kernels.h b/lib/statespace_cuda_kernels.h
index b54ebca..0bc4ba7 100644
--- a/lib/statespace_cuda_kernels.h
+++ b/lib/statespace_cuda_kernels.h
@@ -318,5 +318,5 @@ __global__ void SampleKernel(unsigned num_blocks,
         FP3 im = state[l + warp_size];
         csum += re * re + im * im;
-        while (rs[m] < csum && m < num_samples) {
+        while (m < num_samples && rs[m] < csum) {
           bitstrings[m++] = k0 + k;
         }

Otherwise LGTM.

Thanks for catching that.

[mhucka]

The latest commit has that fixed.