BUG: avoid negating INT_MIN in PyArray_Round implementation #30071
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ngoldbaum
added
00 - Bug
09 - Backport-Candidate
|
Thanks for the ping and for the reference! I guess having a report avoid a CVE isn't as sexy as having a report result in a CVE, but it's still cool :) |
seberg
approved these changes
Oct 25, 2025
Member
seberg
left a comment
seberg
left a comment
There was a problem hiding this comment.
Thanks, could test the special case, but I am OK with just putting it in as is. (The result seems 0 or inf, although I guess the inf is just overflowing intermediates.)
Please go ahead and merge if you think a special case test isn't worth it, happy with that..
charris
pushed a commit
to charris/numpy
that referenced
this pull request
Oct 25, 2025
charris
added a commit
that referenced
this pull request
Oct 25, 2025
BUG: avoid negating INT_MIN in PyArray_Round implementation (#30071)
cakedev0
pushed a commit
to cakedev0/numpy
that referenced
this pull request
Dec 5, 2025
IndifferentArea
pushed a commit
to IndifferentArea/numpy
that referenced
this pull request
Dec 7, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
c.f. https://huntr.com/bounties/49928a2c-c6bb-4c1c-80ec-5d7bf708bf28 where this almost led to a CVE getting reported against NumPy.
Addresses one of the issues reported in #28829.
For those who are unaware: the value of
INT_MINis-INT_MAX - 1(negating using two's complement arithmetic), so that means that if C used two's complement-INT_MIN == INT_MIN. For that reason,-INT_MINis UB according to the C standard. You are always supposed to do a check like this when negating a signed integer, but it is often skipped.I learned while working on this that passing
rounda negativendigitsis supported. Round withndigits!=0is the same as round withndigits==0, but transformed in the following way:round(x * 10**ndigits, 0) / 10**ndigits. The same formula holds for positive and negative ndigits.No tests because it's annoying to write a test for this case (see python/cpython#132474 -- it turns out
round(2**31, -2**31)will hang CPython...).Open to suggestions if people want to do a more thorough job of this but at least this prevents the segfault.
Ping @devdanzin, this seems relevant to your interests.