-
-
Notifications
You must be signed in to change notification settings - Fork 5.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
vcat(::AbstractRange...)
can do an out of bounds access inside an @inbounds
block
#42483
Comments
While we often do depend on length being correct, perhaps we could add a boundscheck at the end, so we can be more confident it will crash quickly? |
Why can we assume |
Here is a MWE that causes the out of bounds access: struct W{T} <: Number
n::T
end
for op in (:+, :-)
@eval Base.$op(a::W, b::W) = W($op(a.n, b.n))
end
Base.isless(a::W, b::W) = isless(a.n, b.n)
Base.rem(a::W, b::W) = rem(a.n, b.n)
Base.promote_rule(::Type{W{Float64}}, ::Type{Float64}) = W{Float64}
Base.div(a::W, b::W, c) = div(a.n, b.n, c)
collect(W(0.0):W(0.2):W(25.0)) # boom It doesn't feel like |
We probably also should not. Can we improve the range iterator for that case. |
Probably you know this, but julia> r = W(0.0):W(0.2):W(25.0)
W{Float64}(0.0):W{Float64}(0.2):W{Float64}(24.8)
julia> typeof(r)
StepRange{W{Float64}, W{Float64}}
julia> length(r)
124
julia> last(r)
W{Float64}(24.8)
julia> for x in Iterators.take(Iterators.drop(r, 120), 7)
@show x
end
x = W{Float64}(23.999999999999947)
x = W{Float64}(24.199999999999946)
x = W{Float64}(24.399999999999945)
x = W{Float64}(24.599999999999945)
x = W{Float64}(24.799999999999944)
x = W{Float64}(24.999999999999943)
x = W{Float64}(25.199999999999942)
julia> @which iterate(r, first(r)) # i == last(r) && return nothing
iterate(r::OrdinalRange{T}, i) where T in Base at range.jl:868 That's fine for UnitRange of course. The method for |
The repro below requires ForwardDiff 0.10.19 or earlier.
ForwardDiff breaks some assumptions made by the range framework which causes it to compute the length wrong which leads to an out of bounds access:
However, this part of the code has an
@inbounds
which thus gives memory corruption unless bounds checking is enforced:julia/base/range.jl
Lines 1320 to 1332 in be28eb3
The core problem is that iterating the range never terminates:
Perhaps this is a bug with the range framework more than the
vcat
method:Also note:
Downstream issue: JuliaDiff/ForwardDiff.jl#548
The text was updated successfully, but these errors were encountered: