Skip to content

BUG: Fix buffer overrun in CPU baseline validation#30877

Merged
seberg merged 2 commits intonumpy:mainfrom
stratakis:buffer_ovrfl
Feb 26, 2026
Merged

BUG: Fix buffer overrun in CPU baseline validation#30877
seberg merged 2 commits intonumpy:mainfrom
stratakis:buffer_ovrfl

Conversation

@stratakis
Copy link
Copy Markdown
Contributor

@stratakis stratakis commented Feb 25, 2026

Use sizeof() - 1 to exclude the string literal's null terminator when copying feature names into baseline_failure, preventing a buffer overrun and embedded nulls that truncated the error message.

Uncovered by Coverity static analysis

Fixes: #30477

@charris charris added the 09 - Backport-Candidate PRs tagged should be backported label Feb 25, 2026
@seberg
Copy link
Copy Markdown
Member

seberg commented Feb 25, 2026

Thanks, but isn't the *fptr = 0 still wrong, i.e. the if condition should be changed to fptr > buffer and that branch already has the right write?

@stratakis
BUG: Fix buffer overrun in CPU baseline validation
d6a8053 
Use sizeof() - 1 to exclude the string literal's null terminator when
copying feature names into baseline_failure, preventing a buffer
overrun and embedded nulls that truncated the error message.

Uncovered by Coverity static analysis
@stratakis
Copy link
Copy Markdown
Contributor Author

stratakis commented Feb 25, 2026

Thanks, but isn't the *fptr = 0 still wrong, i.e. the if condition should be changed to fptr > buffer and that branch already has the right write?

Right. Rebased.

seberg
seberg approved these changes Feb 26, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@seberg seberg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, should go in once tests pass. Out of lazyness, I just pushed a fix here for that new warning in MSVC, no idea why it started showing up now.

From what I can tell briefly, there is on nice way to test this so...

@seberg seberg merged commit 089ceb7 into numpy:main Feb 26, 2026
78 checks passed
charris pushed a commit to charris/numpy that referenced this pull request Mar 4, 2026
@stratakis @seberg @charris
BUG: Fix buffer overrun in CPU baseline validation (numpy#30877)
057921f 
Co-authored-by: Sebastian Berg <sebastianb@nvidia.com>
@charris charris mentioned this pull request Mar 4, 2026
Merged
@charris charris removed the 09 - Backport-Candidate PRs tagged should be backported label Mar 4, 2026
charris added a commit that referenced this pull request Mar 4, 2026
@charris
Merge pull request #30922 from charris/backport-30877
62df6a5 
BUG: Fix buffer overrun in CPU baseline validation (#30877)
sabasiddique1 pushed a commit to sabasiddique1/numpy that referenced this pull request Mar 4, 2026
@stratakis @seberg @sabasiddique1
BUG: Fix buffer overrun in CPU baseline validation (numpy#30877)
7c9b121 
Co-authored-by: Sebastian Berg <sebastianb@nvidia.com>
@doronbehar doronbehar mentioned this pull request Mar 9, 2026
Open
3 tasks
@stratakis stratakis deleted the buffer_ovrfl branch March 20, 2026 05:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@seberg seberg seberg approved these changes

Assignees

No one assigned

Labels

00 - Bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

BUG: Buffer overflow in npy__cpu_validate_baseline when CPU lacks baseline features

3 participants

@stratakis @seberg @charris