Potential buffer overflow in PyArray_NewFromDescr_int of ctors.c #18939

Closed
@awen-li

Description

Reproducing code example:

Snippet:

```c
/* The report emphasises `int nd`, `newdims` and both memcpy calls. */
PyArray_NewFromDescr_int(...., int nd, ......)
{
    /* ... */
    if (descr->subarray) {
        PyObject *ret;
        npy_intp newdims[2*NPY_MAXDIMS];
        npy_intp *newstrides = NULL;
        memcpy(newdims, dims, nd*sizeof(npy_intp));
        if (strides) {
            newstrides = newdims + NPY_MAXDIMS;
            memcpy(newstrides, strides, nd*sizeof(npy_intp));
        }
        /* ... */
    }
}
```

Error message:

When we ran our analysis tool on NumPy, a potential buffer-overflow problem was reported. See details below:
File: numpy/core/src/multiarray/ctors.c
Function: PyArray_NewFromDescr_int
Details in description

Possible call path:
1. array_new -> PyArray_NewFromDescr_int
2. PyArray_Zeros -> PyArray_NewFromDescr_int
3. array_fromfile -> PyArray_FromFile -> PyArray_NewFromDescr_int

NumPy/Python version information:

The main branch of NumPy
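
Added example, not part of the original issue and not NumPy's code: a bounded form of the copy pattern in the snippet, which rejects any `nd` outside `0..MAXDIMS` before either `memcpy` runs. `MAXDIMS`, `intp_t`, `pack_dims_checked` and `self_check` are hypothetical stand-ins, and the sample arrays are constructed.

```c
#include <stddef.h>
#include <string.h>

#define MAXDIMS 32           /* assumed stand-in for NPY_MAXDIMS */
typedef ptrdiff_t intp_t;    /* assumed stand-in for npy_intp */

/* Hypothetical helper. Packs dims into buf[0..nd) and strides into
 * buf[MAXDIMS..MAXDIMS+nd), the layout used in the snippet above.
 * Returns 0 on success, -1 if nd does not fit that layout. */
static int
pack_dims_checked(intp_t buf[2 * MAXDIMS], const intp_t *dims,
                  const intp_t *strides, int nd)
{
    /* nd < 0 would become a huge size_t in the memcpy length.
     * nd > MAXDIMS would run dims into the strides half and push
     * strides past the end of buf. Reject both before copying. */
    if (nd < 0 || nd > MAXDIMS || (nd > 0 && dims == NULL)) {
        return -1;
    }
    if (nd > 0) {
        memcpy(buf, dims, (size_t)nd * sizeof(intp_t));
        if (strides != NULL) {
            memcpy(buf + MAXDIMS, strides, (size_t)nd * sizeof(intp_t));
        }
    }
    return 0;
}

/* Constructed inputs: returns 1 when valid sizes are copied and
 * out-of-range sizes are refused, 0 otherwise. */
static int
self_check(void)
{
    intp_t buf[2 * MAXDIMS] = {0};
    const intp_t dims[3] = {2, 3, 4};
    const intp_t strides[3] = {96, 32, 8};

    if (pack_dims_checked(buf, dims, strides, 3) != 0) return 0;
    if (buf[2] != 4 || buf[MAXDIMS + 1] != 32) return 0;
    if (pack_dims_checked(buf, dims, strides, MAXDIMS + 1) != -1) return 0;
    if (pack_dims_checked(buf, dims, strides, -1) != -1) return 0;
    return 1;
}

int main(void) { return self_check() ? 0 : 1; }
```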
