Skip to content

BUG: numpy.asarray's boundary check fails with too large shape and got a segmentation fault #27949

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
EgodPrime opened this issue Dec 9, 2024 · 4 comments
Closed

BUG: numpy.asarray's boundary check fails with too large shape and got a segmentation fault #27949

EgodPrime opened this issue Dec 9, 2024 · 4 comments
Labels
00 - Bug sprintable - C

Comments

@EgodPrime
Copy link

Describe the issue:

Actually, I first triggered this Segmentation Fault when calling np.lib.stride_tricks.as_strided. After reading the implementation of np.lib.stride_tricks.as_strided, I found it is a problem with np.asanyarray.

np.asanyarray does have a 'guard' for its argument, if you pass into a DummArray whose interface.shape is bigger than 64 and smaller than 136, it raises a ValueError: number of dimensions must be within [0, 64].

But this 'guard' fails when the size interface.shape is larger than 135, and a Segmentation Fault is achieved.

Reproduce the code example:

import numpy as np

x = 1 # x can be one of [1, [1], 's']
shape = [1]*136 # 0-135 is safe

# np.lib.stride_tricks.as_strided(x, shape=shape)

class DummyArray:
    """Dummy object that just exists to hang __array_interface__ dictionaries
    and possibly keep alive a reference to a base array.
    """

    def __init__(self, interface, base=None):
        self.__array_interface__ = interface
        self.base = base
x = np.array(x, copy=None, subok=False)
interface = dict(x.__array_interface__)
interface['shape'] = tuple(shape)
da = DummyArray(interface=interface, base=x)
np.asanyarray(da)

Error message:

Thread 1 "python" received signal SIGSEGV, Segmentation fault.
0x0000000000000001 in ?? ()
(gdb) bt
#0  0x0000000000000001 in ?? ()
#1  0x00007ffc81825b7c in ?? ()
#2  0x00007ffc81825b68 in ?? ()
#3  0x00007f12f2ef2780 in ?? ()
#4  0x0000000000000000 in ?? ()

Python and NumPy Versions:

2.2.0
3.12.7 | packaged by Anaconda, Inc. | (main, Oct 4 2024, 13:27:36) [GCC 11.2.0]

Runtime Environment:

[{'numpy_version': '2.2.0',
'python': '3.12.7 | packaged by Anaconda, Inc. | (main, Oct 4 2024, '
'13:27:36) [GCC 11.2.0]',
'uname': uname_result(system='Linux', node='a475b702ecc0', release='5.4.0-150-generic', version='#167~18.04.1-Ubuntu SMP Wed May 24 00:51:42 UTC 2023', machine='x86_64')},
{'simd_extensions': {'baseline': ['SSE', 'SSE2', 'SSE3'],
'found': ['SSSE3',
'SSE41',
'POPCNT',
'SSE42',
'AVX',
'F16C',
'FMA3',
'AVX2',
'AVX512F',
'AVX512CD',
'AVX512_SKX',
'AVX512_CLX'],
'not_found': ['AVX512_KNL',
'AVX512_KNM',
'AVX512_CNL',
'AVX512_ICL']}},
{'architecture': 'SkylakeX',
'filepath': '/root/miniconda3/envs/py312/lib/python3.12/site-packages/numpy.libs/libscipy_openblas64_-6bb31eeb.so',
'internal_api': 'openblas',
'num_threads': 64,
'prefix': 'libscipy_openblas',
'threading_layer': 'pthreads',
'user_api': 'blas',
'version': '0.3.28'}]

Context for the issue:

I thought the boundary check for numpy.asanyarray can be improved.
@seberg
Copy link
Member

seberg commented Dec 10, 2024

Thanks. While use of this interface is clearly completely unsafe, I agree that this should be checked.
The behavior is always buggy, if it doesn't error within a certain range, it's just a fluke.

@lvllvl
Copy link
Contributor

lvllvl commented Feb 26, 2025
edited
Loading

Hi @seberg, I think I have a solution for this.
So I updated numpy/_core/src/multiarray/ctors.c, here's a link to my changes.

Also are tests required for bug fixes?
When you create a change in the repo, how do you usually test the changes you've made?
I was attempting to build in codespace using conda, but was having some trouble.

@seberg
Copy link
Member

seberg commented Feb 26, 2025

Also are tests required for bug fixes?

Yes of course, everything needs tests.

Codespaces should work fine as well, did you follow the instructions in the developer guide? They should work, code-spaces or not.

Anyway, please just open a PR, including a test.

@lvllvl lvllvl mentioned this issue Mar 1, 2025
Merged
@lvllvl
Copy link
Contributor

lvllvl commented Mar 1, 2025

Also are tests required for bug fixes?

Yes of course, everything needs tests.

Codespaces should work fine as well, did you follow the instructions in the developer guide? They should work, code-spaces or not.

Anyway, please just open a PR, including a test.

ok great, thanks for clarifying @seberg

I was able to include some tests and get it to work. Do you mind taking a look at my PR when you get a chance?

Here's a link: PR #28407

@seberg seberg closed this as completed Mar 6, 2025
@charris charris mentioned this issue Mar 7, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
00 - Bug sprintable - C
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@seberg @lvllvl @EgodPrime