Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BUG: Ensure arguments to npy_floatstatus_..._barrier() can be dereferenced #22791

Merged
merged 1 commit into from Dec 13, 2022
Merged

BUG: Ensure arguments to npy_floatstatus_..._barrier() can be dereferenced #22791

merged 1 commit into from Dec 13, 2022

Conversation

hawkinsp
Copy link
Contributor

The argument to these functions is dereferenced, even if the value is thrown away. AddressSanitizer reports an error on the dereference for these functions when running the NumPy test suite.

  • In the case of ctors.c this is a use after free.
  • In the case of array_assign_array.c this is an out-of-bounds heap access.

Since I don't think it matters exactly which pointer we choose for the floatstatus code, changed to use another level of indirection. It's unclear to me whether this is a legal fix or not, or whether we need to work harder to find a valid pointer that points within one of the arrays. This depends deeply on the semantics of volatile in C and I'm not 100% sure.

This change would need to be backported to the 1.24.x branch.

@hawkinsp
Change argument to npy_floatstatus_..._barrier() functions to ensure it
5940b42 
is in bounds.

The argument is dereferenced, even if the value is thrown away.
AddressSanitizer reports an error on the dereference for these functions
when running the NumPy test suite.

It's unclear to me whether this is a legal fix or not, or whether we
need to work harder to find a valid pointer that points within one of the
arrays. This depends deeply on the semantics of `volatile` in C and I'm
not 100% sure.
@seberg seberg added the 09 - Backport-Candidate PRs tagged should be backported label Dec 13, 2022
@charris charris changed the title Ensure arguments to npy_floatstatus_..._barrier() can be dereferenced MAINT: Ensure arguments to npy_floatstatus_..._barrier() can be dereferenced Dec 13, 2022
@charris charris changed the title MAINT: Ensure arguments to npy_floatstatus_..._barrier() can be dereferenced BUG: Ensure arguments to npy_floatstatus_..._barrier() can be dereferenced Dec 13, 2022
@charris charris added this to the 1.24.0 release milestone Dec 13, 2022
@charris
Copy link
Member

charris commented Dec 13, 2022

Weird, but seems to work. ISTR looking at those functions before and wondering if they could be simplified and thinking not. But I could be wrong :)

@charris charris merged commit 1a21e72 into numpy:main Dec 13, 2022
@charris charris mentioned this pull request Dec 13, 2022
Merged
@charris charris removed the 09 - Backport-Candidate PRs tagged should be backported label Dec 13, 2022
@charris charris removed this from the 1.24.0 release milestone Dec 13, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
00 - Bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@hawkinsp @charris @seberg