[jira] [Updated] (ARROW-16013) [C++][Python] Wrong stride/address calculation when using negative stride in NumPyStridedConverter

Tobias Zagorni (Jira) Wed, 23 Mar 2022 11:54:09 -0700


     [ 
https://issues.apache.org/jira/browse/ARROW-16013?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Tobias Zagorni updated ARROW-16013:
-----------------------------------
    Description: 
The calculation of the stride value passed to {{CopyStridedNatural}} by 
{{NumPyStridedConverter::Visit}} divides the stride value by sizeof(T), which 
is unsigned, without an appropriate type case. This causes 
{{CopyStridedNatural}} to access bogus indices.

This is triggered by the existing test method {{test_numpy_to_pyarrow}} in 
{{test_array.py}} (at {{{}pa.array(np_arr[case]){}}}). For some reason this 
neither causes a direct crash, nor is the output to python affected. Only ubsan 
catches an integer overflow

  was:
The calculation of the stride value passed to `CopyStridedNatural` by 
`NumPyStridedConverter::Visit` divides the stride value by sizeof(T), which is 
unsigned, without an appropriate type case. This causes CopyStridedNatural to 
access bogus indices.

This is triggered by the existing test method `test_numpy_to_pyarrow` in 
`test_array.py` (`pa.array(np_arr[case])`). For some reason this neither causes 
a direct crash, nor is the output to python affected. Only ubsan catches an 
integer overflow


> [C++][Python] Wrong stride/address calculation when using negative stride in 
> NumPyStridedConverter
> --------------------------------------------------------------------------------------------------
>
>                 Key: ARROW-16013
>                 URL: https://issues.apache.org/jira/browse/ARROW-16013
>             Project: Apache Arrow
>          Issue Type: Bug
>          Components: C++, Python
>            Reporter: Tobias Zagorni
>            Assignee: Tobias Zagorni
>            Priority: Major
>
> The calculation of the stride value passed to {{CopyStridedNatural}} by 
> {{NumPyStridedConverter::Visit}} divides the stride value by sizeof(T), which 
> is unsigned, without an appropriate type case. This causes 
> {{CopyStridedNatural}} to access bogus indices.
> This is triggered by the existing test method {{test_numpy_to_pyarrow}} in 
> {{test_array.py}} (at {{{}pa.array(np_arr[case]){}}}). For some reason this 
> neither causes a direct crash, nor is the output to python affected. Only 
> ubsan catches an integer overflow



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Updated] (ARROW-16013) [C++][Python] Wrong stride/address calculation when using negative stride in NumPyStridedConverter

Reply via email to