[jira] [Updated] (ARROW-16013) [C++][Python] Wrong stride/address calculation when using negative stride in NumPyStridedConverter

Wed, 23 Mar 2022 12:10:05 -0700 


     [ 
https://issues.apache.org/jira/browse/ARROW-16013?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tobias Zagorni updated ARROW-16013:
-----------------------------------
    Description: 
The calculation of the stride value passed to {{CopyStridedNatural}} by 
{{NumPyStridedConverter::Visit}} divides the stride value by sizeof(T), which 
is unsigned, without an appropriate type case. This causes 
{{CopyStridedNatural}} to access bogus indices.

This is triggered by the existing test method {{test_numpy_to_pyarrow}} in 
{{test_array.py}} (at {{{}pa.array(np_arr[case]){}}}). When using ubsan catches 
a signed integer overflow, otherwise it apparently does what we want, but is 
still undefined behavoir

  was:
The calculation of the stride value passed to {{CopyStridedNatural}} by 
{{NumPyStridedConverter::Visit}} divides the stride value by sizeof(T), which 
is unsigned, without an appropriate type case. This causes 
{{CopyStridedNatural}} to access bogus indices.

This is triggered by the existing test method {{test_numpy_to_pyarrow}} in 
{{test_array.py}} (at {{{}pa.array(np_arr[case]){}}}). For some reason this 
neither causes a direct crash, nor is the output to python affected. Only ubsan 
catches an integer overflow


> [C++][Python] Wrong stride/address calculation when using negative stride in 
> NumPyStridedConverter
> --------------------------------------------------------------------------------------------------
>
>                 Key: ARROW-16013
>                 URL: https://issues.apache.org/jira/browse/ARROW-16013
>             Project: Apache Arrow
>          Issue Type: Bug
>          Components: C++, Python
>            Reporter: Tobias Zagorni
>            Assignee: Tobias Zagorni
>            Priority: Major
>
> The calculation of the stride value passed to {{CopyStridedNatural}} by 
> {{NumPyStridedConverter::Visit}} divides the stride value by sizeof(T), which 
> is unsigned, without an appropriate type case. This causes 
> {{CopyStridedNatural}} to access bogus indices.
> This is triggered by the existing test method {{test_numpy_to_pyarrow}} in 
> {{test_array.py}} (at {{{}pa.array(np_arr[case]){}}}). When using ubsan 
> catches a signed integer overflow, otherwise it apparently does what we want, 
> but is still undefined behavoir



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to