[jira] [Updated] (ARROW-16013) [C++][Python] Wrong stride/address calculation when using negative stride in NumPyStridedConverter

Wed, 23 Mar 2022 11:53:04 -0700 


     [ 
https://issues.apache.org/jira/browse/ARROW-16013?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tobias Zagorni updated ARROW-16013:
-----------------------------------
    Description: 
The calculation of the stride value passed to `CopyStridedNatural` by 
`NumPyStridedConverter::Visit` divides the stride value by sizeof(T), which is 
unsigned, without an appropriate type case. This causes CopyStridedNatural to 
access bogus indices.

This is triggered by the existing test method `test_numpy_to_pyarrow` in 
`test_array.py` (`pa.array(np_arr[case])`). For some reason this neither causes 
a direct crash, nor is the output to python affected. Only ubsan catches an 
integer overflow

  was:
The calculation of the stride value passed to `CopyStridedNatural` by 
`NumPyStridedConverter::Visit` divides the stride value by sizeof(T), which is 
unsigned, without an appropriate type case. This causes CopyStridedNatural to 
access bogus indices.

This is triggered by the existing test method `test_numpy_to_pyarrow` in 
`test_array.py`. For some reason this neither causes a direct crash, nor is the 
output to python affected. Only ubsan catches an integer overflow


> [C++][Python] Wrong stride/address calculation when using negative stride in 
> NumPyStridedConverter
> --------------------------------------------------------------------------------------------------
>
>                 Key: ARROW-16013
>                 URL: https://issues.apache.org/jira/browse/ARROW-16013
>             Project: Apache Arrow
>          Issue Type: Bug
>          Components: C++, Python
>            Reporter: Tobias Zagorni
>            Assignee: Tobias Zagorni
>            Priority: Major
>
> The calculation of the stride value passed to `CopyStridedNatural` by 
> `NumPyStridedConverter::Visit` divides the stride value by sizeof(T), which 
> is unsigned, without an appropriate type case. This causes CopyStridedNatural 
> to access bogus indices.
> This is triggered by the existing test method `test_numpy_to_pyarrow` in 
> `test_array.py` (`pa.array(np_arr[case])`). For some reason this neither 
> causes a direct crash, nor is the output to python affected. Only ubsan 
> catches an integer overflow



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to