From 4c20d7493cbb5ddea476e912b7a57e15de867096 Mon Sep 17 00:00:00 2001
From: Charalampos Stratakis
Date: Tue, 17 Feb 2026 01:47:12 +0100
Subject: [PATCH] Additional coverity fixes
Related: RHEL-120814
---
 python3.14-scipy.spec | 7 ++-
 scipy-coverity-fixes.patch | 98 ++++++++++++++++++++++++++------------
 2 files changed, 74 insertions(+), 31 deletions(-)
diff --git a/python3.14-scipy.spec b/python3.14-scipy.spec
index 4566aa8..8a4b1f3 100644
--- a/python3.14-scipy.spec
+++ b/python3.14-scipy.spec
@@ -46,7 +46,7 @@ Summary: Scientific Tools for Python
 Name: python%{python3_pkgversion}-scipy
 Version: 1.16.2
-Release: 3%{?dist}
+Release: 4%{?dist}
 # BSD-3-Clause -- whole package except:
 # BSD-2-Clause -- scipy/_lib/_pep440.py
@@ -93,6 +93,7 @@ Patch: compatibility-with-meson-1.4.1.patch
 # https://github.com/scipy/scipy/pull/24209
 # https://github.com/scipy/scipy/pull/24374
 # https://github.com/scipy/scipy/pull/24384
+# https://github.com/scipy/scipy/pull/24608
 Patch: scipy-coverity-fixes.patch
 # Coverity scan fixes for the bundled HiGHS project
@@ -330,6 +331,10 @@ popd
 %changelog
+* Tue Feb 17 2026 Charalampos Stratakis - 1.16.2-4
+- Additional coverity fixes
+Related: RHEL-120814
+
 * Tue Feb 10 2026 Charalampos Stratakis - 1.16.2-3
 - Fix issues uncovered via coverity scanning
 Related: RHEL-120814
diff --git a/scipy-coverity-fixes.patch b/scipy-coverity-fixes.patch
index bfe8eab..1185695 100644
--- a/scipy-coverity-fixes.patch
+++ b/scipy-coverity-fixes.patch
@@ -1,7 +1,7 @@
-From 0d941ffeac1ac04a6d76890bdf114d898267d488 Mon Sep 17 00:00:00 2001
+From 831457080986da1b686e8060f5957c507d5af18e Mon Sep 17 00:00:00 2001
 From: Charalampos Stratakis
 Date: Sat, 20 Dec 2025 00:39:36 +0100
-Subject: [PATCH 01/15] BUG: ndimage: fix potential double-free in
+Subject: [PATCH 01/16] BUG: ndimage: fix potential double-free in
 NI_InitFilterOffsets
 Null out offset pointers after freeing them in the error path of
@@ -33,10 +33,10 @@ index a6e3ff0..934ac74 100644
 2.53.0
-From 51ec935d77be786ce3b5e8b95c5fa23a4dd3dbe7 Mon Sep 17 00:00:00 2001
+From ac244882ec070351e8de297245d2fb002a93bfa8 Mon Sep 17 00:00:00 2001
 From: Charalampos Stratakis
 Date: Sat, 20 Dec 2025 01:08:47 +0100
-Subject: [PATCH 02/15] BUG: signal/_firfilter.cc: fix out-of-bounds read in
+Subject: [PATCH 02/16] BUG: signal/_firfilter.cc: fix out-of-bounds read in
 pylab_convolve_2d
 Move the type_num bounds check before using it as an array index.
@@ -73,10 +73,10 @@ index 9636961..b1f3f19 100644
 2.53.0
-From 94b1d8ee75e0cbf37bd970b70ba1e120d4d47d19 Mon Sep 17 00:00:00 2001
+From 901a5326ffd89038b21d89d8b3df5f8458ef305e Mon Sep 17 00:00:00 2001
 From: Charalampos Stratakis
 Date: Sat, 20 Dec 2025 01:20:43 +0100
-Subject: [PATCH 03/15] BUG: optimize/__lbfgsb.c: fix pointer arithmetic bug in
+Subject: [PATCH 03/16] BUG: optimize/__lbfgsb.c: fix pointer arithmetic bug in
 cauchy function
 Change nseg += 1 to *nseg += 1 to increment the segment counter
@@ -104,10 +104,10 @@ index 306f6d6..4a1dc98 100644
 2.53.0
-From 7e65e5528db55cffb8814ecdb51e9573060695e2 Mon Sep 17 00:00:00 2001
+From d10a6599ba758887c7a1c9b2e15d39f0f387da53 Mon Sep 17 00:00:00 2001
 From: Charalampos Stratakis
 Date: Sat, 20 Dec 2025 03:43:12 +0100
-Subject: [PATCH 04/15] BUG: optimize/tnc/tnc.c: fix uninitialized xoffset when
+Subject: [PATCH 04/16] BUG: optimize/tnc/tnc.c: fix uninitialized xoffset when
 scale is provided
 When calling tnc() with a non-NULL scale array but NULL offset array,
@@ -137,10 +137,10 @@ index 0b06d0e..d902dbf 100644
 2.53.0
-From c7da8ee0aa7a24fe937467de4b845b0c222519ba Mon Sep 17 00:00:00 2001
+From 75a7278f79a0ab3d3b7a65b0611b89bb47f88806 Mon Sep 17 00:00:00 2001
From: SoheilStar <75124326+soheil-star01@users.noreply.github.com>
 Date: Sat, 20 Dec 2025 23:21:11 +0200
-Subject: [PATCH 05/15] BUG: optimize: Remove redundant conditional in
+Subject: [PATCH 05/16] BUG: optimize: Remove redundant conditional in
 _shgo.sampling_custom
 Both if and else branches executed the same code. Simplifies to a
@@ -169,10 +169,10 @@ index b98a4b5..5fe0899 100644
 2.53.0
-From e07ace4aa764caef5c5abe2b8aa1982bb0348164 Mon Sep 17 00:00:00 2001
+From 7a648a78aa56fc79bd7e0ec26320b17d26bc698a Mon Sep 17 00:00:00 2001
 From: Charalampos Stratakis
 Date: Mon, 22 Dec 2025 01:40:36 +0100
-Subject: [PATCH 06/15] BUG: sparse.linalg: Fix copy-paste error in
+Subject: [PATCH 06/16] BUG: sparse.linalg: Fix copy-paste error in
 get_OPinv_matvec
 In the type check condition for matrix M, is_pydata_spmatrix() was
@@ -198,10 +198,10 @@ index f678dea..0c70bf9 100644
 2.53.0
-From c3d3b109da83c889a12cb1735b31ed5466b4066e Mon Sep 17 00:00:00 2001
+From 90cba299c613da720e923c65c57230b046c22b87 Mon Sep 17 00:00:00 2001
 From: Charalampos Stratakis
 Date: Mon, 22 Dec 2025 02:23:55 +0100
-Subject: [PATCH 07/15] BUG: optimize/_direct: Fix memory leaks in
+Subject: [PATCH 07/16] BUG: optimize/_direct: Fix memory leaks in
 direct_direct_()
 Two early return paths bypassed the cleanup section, leaking all
@@ -245,10 +245,10 @@ index 05249fa..9ec6a42 100644
 2.53.0
-From 6f4515431ceb479e788255e5b0041670a4d28a6d Mon Sep 17 00:00:00 2001
+From db2d85df49602f5fe82da03ec5750cad597a3648 Mon Sep 17 00:00:00 2001
 From: Charalampos Stratakis
 Date: Tue, 13 Jan 2026 23:07:38 +0100
-Subject: [PATCH 08/15] BUG: fix freeing of uninitialized memory in error paths
+Subject: [PATCH 08/16] BUG: fix freeing of uninitialized memory in error paths
 in ndimage
 Initialize pointer arrays immediately after allocation and error check,
@@ -320,10 +320,10 @@ index f0f86a7..5a11419 100644
 2.53.0
-From 329c6a1df8fbe16c8d59b4a8b58abe29ec03284e Mon Sep 17 00:00:00 2001
+From 0ee12cdbbd73242b1febdf951803f60711b95fe8 Mon Sep 17 00:00:00 2001
 From: Charalampos Stratakis
 Date: Wed, 14 Jan 2026 04:14:29 +0100
-Subject: [PATCH 09/15] BUG: fix uninitialized variables in odr
+Subject: [PATCH 09/16] BUG: fix uninitialized variables in odr
 The if-else clauses handling pwe and pwd arrays had no terminal else clause. If an object passed validation but didn't match any
@@ -367,10 +367,10 @@ index f86a65f..2027166 100644
 2.53.0
-From 9e52501a67a6e190bc81dbd91c4a14866639663c Mon Sep 17 00:00:00 2001
+From 9da2c240fa0a277dc2db35b3754840ed7561d6a3 Mon Sep 17 00:00:00 2001
 From: Charalampos Stratakis
 Date: Wed, 14 Jan 2026 05:07:07 +0100
-Subject: [PATCH 10/15] BUG: fix uninitialized variable in ILU complex copy at
+Subject: [PATCH 10/16] BUG: fix uninitialized variable in ILU complex copy at
 sparse/SuperLU
 The SMILU_3 case in the second loop of ilu_ccopy_to_ucol.c and
@@ -413,10 +413,10 @@ index bb444d7..063d685 100644
 2.53.0
-From 09b460c7de6e9c8ddabd52d4a49b7fbba4003d4a Mon Sep 17 00:00:00 2001
+From 33b64448e9dd754b2fed17c4a05bd62e09a06b82 Mon Sep 17 00:00:00 2001
 From: ilayn
 Date: Thu, 15 Jan 2026 18:10:05 +0100
-Subject: [PATCH 11/15] MAINT:optimize: Fix memleaks in DIRECT solver and
+Subject: [PATCH 11/16] MAINT:optimize: Fix memleaks in DIRECT solver and
 ext.mod.
 ---
@@ -546,10 +546,10 @@ index d1bfb33..d21734d 100644
 2.53.0
-From ba52739d21f8cf3ee52775df23c05605143de74f Mon Sep 17 00:00:00 2001
+From da3df170f45d970ddf3ef0e35e7ea241a46ce306 Mon Sep 17 00:00:00 2001
 From: ilayn
 Date: Thu, 15 Jan 2026 18:19:06 +0100
-Subject: [PATCH 12/15] MAINT:optimize: Enable multi-phase init to DIRECT
+Subject: [PATCH 12/16] MAINT:optimize: Enable multi-phase init to DIRECT
 ---
 scipy/optimize/_directmodule.c | 54 +++++++++++++++++++---------------
@@ -633,10 +633,10 @@ index d21734d..aa3a80b 100644
 2.53.0
-From da22a05e07ba8e88a1220be834b29de0ad975601 Mon Sep 17 00:00:00 2001
+From 73c1ffae44562b099b69c72922897a2ff2807ff7 Mon Sep 17 00:00:00 2001
 From: ilayn
 Date: Thu, 15 Jan 2026 20:51:09 +0100
-Subject: [PATCH 13/15] MAINT:optimize: Decref callback in DIRECT solver
+Subject: [PATCH 13/16] MAINT:optimize: Decref callback in DIRECT solver
 ---
 scipy/optimize/_direct/DIRect.c | 1 +
@@ -658,10 +658,10 @@ index 85bdaed..16c6426 100644
 2.53.0
-From e38338f279ba7235d479e3ed202b118c508d82d1 Mon Sep 17 00:00:00 2001
+From 2758feb6b3e9f0677d06a6764759886c8a188a09 Mon Sep 17 00:00:00 2001
 From: Charalampos Stratakis
 Date: Wed, 28 Jan 2026 01:00:20 +0100
-Subject: [PATCH 14/15] BUG: Initialize icoor array in NI_GeometricTransform in
+Subject: [PATCH 14/16] BUG: Initialize icoor array in NI_GeometricTransform in
 ndimage
 The icoor array could be used uninitialized if a user-provided
@@ -707,10 +707,10 @@ index 5a11419..84e9a72 100644
 2.53.0
-From 859399cecffdbbbc6a0f86c8aec1339200afd6fb Mon Sep 17 00:00:00 2001
+From 80c6e128c8ad9d4c1208a75d08d135ddf5ad5acf Mon Sep 17 00:00:00 2001
 From: Charalampos Stratakis
 Date: Wed, 28 Jan 2026 02:17:37 +0100
-Subject: [PATCH 15/15] BUG: optimize: validate itmax in trlib_eigen_inverse
+Subject: [PATCH 15/16] BUG: optimize: validate itmax in trlib_eigen_inverse
 Add early return when itmax <= 0 to prevent use of uninitialized residuals array. The inverse iteration loop sets residuals[jj] only
@@ -739,3 +739,41 @@ index 79c4aaf..4156483 100644
 --
 2.53.0
+
+From e0d53160e19ac80621446c3793d8f94ea711a126 Mon Sep 17 00:00:00 2001
+From: Charalampos Stratakis
+Date: Tue, 17 Feb 2026 01:14:29 +0100
+Subject: [PATCH 16/16] BUG: Split edge_offsets/data_offsets error checks in
+ NI_GeometricTransform
+
+The combined check allowed a path where edge_offsets fails but
+data_offsets succeeds, reaching cleanup before data_offsets elements
+are NULL-initialized.
+
+Completes the fix in 339ccf65c3.
+---
+ scipy/ndimage/src/ni_interpolation.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/scipy/ndimage/src/ni_interpolation.c b/scipy/ndimage/src/ni_interpolation.c
+index 84e9a72..1030ca1 100644
+--- a/scipy/ndimage/src/ni_interpolation.c
++++ b/scipy/ndimage/src/ni_interpolation.c
+@@ -295,8 +295,13 @@ NI_GeometricTransform(PyArrayObject *input, int (*map)(npy_intp*, double*,
+
+ /* offsets used at the borders: */
+ edge_offsets = malloc(irank * sizeof(npy_intp*));
++ if (NPY_UNLIKELY(!edge_offsets)) {
++ NPY_END_THREADS;
++ PyErr_NoMemory();
++ goto exit;
++ }
+ data_offsets = malloc(irank * sizeof(npy_intp*));
+- if (NPY_UNLIKELY(!edge_offsets || !data_offsets)) {
++ if (NPY_UNLIKELY(!data_offsets)) {
+ NPY_END_THREADS;
+ PyErr_NoMemory();
+ goto exit;
+--
+2.53.0
+
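Review bot: In the new PATCH 16/16 hunk for NI_GeometricTransform, a failure of the second `malloc` still takes `goto exit` while `edge_offsets` is allocated and none of its elements has been set by any line visible here, which is the mirror image of the path the commit message describes. Whether that is harmful depends on the NULL-initialisation loop and the `exit:` cleanup, both outside the hunk; if cleanup frees `edge_offsets[jj]` whenever `edge_offsets` is non-NULL, it would still hand uninitialized pointers to `free()`. Allocating both arrays zeroed would close both paths without depending on the order of the checks: `edge_offsets = calloc(irank, sizeof(npy_intp*));` and `data_offsets = calloc(irank, sizeof(npy_intp*));`. The function body starts before and continues after this hunk, so the cleanup behaviour should be confirmed against the full file.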