Closed
Describe the issue:
It's possible to segfault the interpreter by calling round() with large negative values on at least float types.
Reproduce the code example:
import numpy
numpy.float128().round(-2**31)
Error message:
Thread 1 "python" received signal SIGSEGV, Segmentation fault.
0x00007ffff436062a in PyArray_Round () from /home/danzin/venvs/3.13_upstream_fusil_venv/lib/python3.13t/site-packages/numpy/_core/_multiarray_umath.cpython-313t-x86_64-linux-gnu.so
#0 0x00007ffff436062a in PyArray_Round () from /home/danzin/venvs/3.13_upstream_fusil_venv/lib/python3.13t/site-packages/numpy/_core/_multiarray_umath.cpython-313t-x86_64-linux-gnu.so
#1 0x00007ffff43c6f31 in array_round () from /home/danzin/venvs/3.13_upstream_fusil_venv/lib/python3.13t/site-packages/numpy/_core/_multiarray_umath.cpython-313t-x86_64-linux-gnu.so
#2 0x0000555555b661da in cfunction_call (func=0x7fffb4d52230, args=0x7fffb4bc71d0, kwargs=0x0) at Objects/methodobject.c:540
#3 0x0000555555a4aed3 in _PyObject_Call (tstate=0x5555566c6300 <_PyRuntime+326528>, callable=<optimized out>, args=<optimized out>, kwargs=<optimized out>) at Objects/call.c:361
#4 0x00007ffff42c67c3 in gentype_generic_method ()
from /home/danzin/venvs/3.13_upstream_fusil_venv/lib/python3.13t/site-packages/numpy/_core/_multiarray_umath.cpython-313t-x86_64-linux-gnu.so
#5 0x0000555555a70759 in method_vectorcall_VARARGS_KEYWORDS (func=0x7fffb50472b0, args=0x529000005840, nargsf=<optimized out>, kwnames=<optimized out>) at Objects/descrobject.c:358
#6 0x0000555555a484db in _PyObject_VectorcallTstate (tstate=0x5555566c6300 <_PyRuntime+326528>, callable=0x7fffb50472b0, args=0x5020000058f0, nargsf=1031, kwnames=0x0)
at ./Include/internal/pycore_call.h:168
#7 0x0000555555dbd570 in _PyEval_EvalFrameDefault (tstate=<optimized out>, frame=<optimized out>, throwflag=<optimized out>) at Python/generated_cases.c.h:813
#8 0x0000555555dac3eb in PyEval_EvalCode (co=co@entry=0x7fffb4d91690, globals=globals@entry=0x7fffb4755770, locals=locals@entry=0x7fffb4755770) at Python/ceval.c:604
#9 0x0000555555da0ac6 in builtin_exec_impl (source=0x7fffb4d91690, globals=0x7fffb4755770, locals=0x7fffb4755770, closure=0x0, module=<optimized out>) at Python/bltinmodule.c:1143
#10 builtin_exec (module=<optimized out>, args=<optimized out>, args@entry=0x5290000057e0, nargs=nargs@entry=2, kwnames=kwnames@entry=0x0) at Python/clinic/bltinmodule.c.h:556
#11 0x0000555555b645ca in cfunction_vectorcall_FASTCALL_KEYWORDS (func=<optimized out>, args=0x5290000057e0, nargsf=<optimized out>, kwnames=0x0) at Objects/methodobject.c:441
#12 0x0000555555a484db in _PyObject_VectorcallTstate (tstate=0x5555566c6300 <_PyRuntime+326528>, callable=0x7fffb425e780, args=0x5020000058f0, nargsf=1031, kwnames=0x0)
at ./Include/internal/pycore_call.h:168
#13 0x0000555555dbd570 in _PyEval_EvalFrameDefault (tstate=<optimized out>, frame=<optimized out>, throwflag=<optimized out>) at Python/generated_cases.c.h:813
#14 0x0000555555dac3eb in PyEval_EvalCode (co=co@entry=0x7fffb4f01690, globals=globals@entry=0x7fffb4755770, locals=locals@entry=0x7fffb4755770) at Python/ceval.c:604
#15 0x0000555555da0ac6 in builtin_exec_impl (source=0x7fffb4f01690, globals=0x7fffb4755770, locals=0x7fffb4755770, closure=0x0, module=<optimized out>) at Python/bltinmodule.c:1143
#16 builtin_exec (module=<optimized out>, args=<optimized out>, args@entry=0x529000005380, nargs=nargs@entry=2, kwnames=kwnames@entry=0x0) at Python/clinic/bltinmodule.c.h:556
#17 0x0000555555b645ca in cfunction_vectorcall_FASTCALL_KEYWORDS (func=<optimized out>, args=0x529000005380, nargsf=<optimized out>, kwnames=0x0) at Objects/methodobject.c:441
#18 0x0000555555a484db in _PyObject_VectorcallTstate (tstate=0x5555566c6300 <_PyRuntime+326528>, callable=0x7fffb425e780, args=0x5020000058f0, nargsf=1031, kwnames=0x0)
at ./Include/internal/pycore_call.h:168
#19 0x0000555555dbd570 in _PyEval_EvalFrameDefault (tstate=<optimized out>, frame=<optimized out>, throwflag=<optimized out>) at Python/generated_cases.c.h:813
#20 0x0000555555fbbba3 in pymain_run_module (modname=0x5555562e34a0 <str> L"_pyrepl", set_argv0=set_argv0@entry=0) at Modules/main.c:349
#21 0x0000555555fbd3a9 in pymain_run_stdin (config=config@entry=0x555556697d88 <_PyRuntime+136712>) at Modules/main.c:575
#22 0x0000555555fbac61 in pymain_run_python (exitcode=0x7fffffffd7e4) at Modules/main.c:699
#23 Py_RunMain () at Modules/main.c:775
#24 0x0000555555fbb73e in pymain_main (args=<optimized out>) at Modules/main.c:805
#25 0x0000555555fbb8a4 in Py_BytesMain (argc=1, argv=<optimized out>) at Modules/main.c:829
#26 0x00007ffff7c2a3b8 in __libc_start_call_main (main=main@entry=0x55555588a630 <main>, argc=argc@entry=1, argv=argv@entry=0x7fffffffdbc8) at ../sysdeps/nptl/libc_start_call_main.h:58
#27 0x00007ffff7c2a47b in __libc_start_main_impl (main=0x55555588a630 <main>, argc=1, argv=0x7fffffffdbc8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>,
stack_end=0x7fffffffdbb8) at ../csu/libc-start.c:360
#28 0x00005555557a9105 in _start ()
Python and NumPy Versions:
2.3.0.dev0+git20250415.e151f0d
3.13.3+ experimental free-threading build (heads/3.13:83cb89b941b, Apr 18 2025, 20:59:43) [Clang 19.1.7 (++20250114103253+cd708029e0b2-1exp120250114103309.40)]
Runtime Environment:
[{'numpy_version': '2.3.0.dev0+git20250415.e151f0d',
'python': '3.13.3+ experimental free-threading build '
'(heads/3.13:83cb89b941b, Apr 18 2025, 20:59:43) [Clang 19.1.7 '
'(++20250114103253+cd708029e0b2-1exp120250114103309.40)]',
'uname': uname_result(system='Linux', node='beesknees', release='6.11.0-24-generic', version='#24-Ubuntu SMP PREEMPT_DYNAMIC Fri Mar 14 18:13:56 UTC 2025', machine='x86_64')},
{'simd_extensions': {'baseline': ['SSE', 'SSE2', 'SSE3'],
'found': ['SSSE3',
'SSE41',
'POPCNT',
'SSE42',
'AVX',
'F16C',
'FMA3',
'AVX2',
'AVX512F',
'AVX512CD',
'AVX512_SKX',
'AVX512_CLX',
'AVX512_CNL',
'AVX512_ICL'],
'not_found': ['AVX512_KNL', 'AVX512_KNM', 'AVX512_SPR']}},
{'architecture': 'SkylakeX',
'filepath': '/home/danzin/venvs/3.13_upstream_fusil_venv/lib/python3.13t/site-packages/numpy.libs/libscipy_openblas64_-56d6093b.so',
'internal_api': 'openblas',
'num_threads': 16,
'prefix': 'libscipy_openblas',
'threading_layer': 'pthreads',
'user_api': 'blas',
'version': '0.3.29'}]
Context for the issue:
I have been fuzzing NumPy using fusil by @vstinner. I realize these crashes are unlikely to be triggered in normal usage and therefore might be of low priority.
The fuzzing was done with an ASAN free-threading clang build and not confirmed on a GILfull non-sanitizer GCC build yet.
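One way to keep a reproducer like the one reported above in a regression suite without letting a segfault take the test runner down, as an added example that is not part of the issue or of NumPy's code: the snippet runs in a child interpreter and the way it ended is classified. `run_isolated` and its status labels are names made up for this example, and signal detection assumes POSIX, where a negative return code means the child was killed by a signal.

```python
import signal
import subprocess
import sys

# Reproducer taken verbatim from the issue above.
REPRODUCER = "import numpy\nnumpy.float128().round(-2**31)\n"


def run_isolated(code, timeout=60):
    """Run `code` in a fresh interpreter and classify how it ended.

    Returns (status, detail), where status is one of:
      "ok"        - exited with code 0
      "exception" - Python-level error (non-zero exit, traceback on stderr)
      "crash"     - killed by a signal (detail is the signal name)
      "timeout"   - did not finish within `timeout` seconds
    """
    try:
        proc = subprocess.run(
            [sys.executable, "-c", code],
            capture_output=True, text=True, timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        return ("timeout", "")
    rc = proc.returncode
    if rc == 0:
        return ("ok", "")
    if rc < 0:
        # POSIX: returncode -N means "terminated by signal N".
        try:
            name = signal.Signals(-rc).name
        except ValueError:
            name = f"signal {-rc}"
        return ("crash", name)
    # The last stderr line of an uncaught exception is "ExcType: message".
    lines = proc.stderr.strip().splitlines()
    return ("exception", lines[-1] if lines else f"exit {rc}")


if __name__ == "__main__":
    status, detail = run_isolated(REPRODUCER)
    print(f"{status}: {detail}")
    # Any Python-level outcome is acceptable here; only a signal death fails.
    sys.exit(1 if status == "crash" else 0)
```

The result for `REPRODUCER` depends on the installed NumPy build and on whether the platform provides `float128`, so the script only fails when the child dies from a signal.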