Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix integer overflow in skip(s::IOBuffer, typemax(Int64)) #54070

Merged
merged 6 commits into from
Apr 17, 2024
Merged

Fix integer overflow in skip(s::IOBuffer, typemax(Int64)) #54070

merged 6 commits into from
Apr 17, 2024

Conversation

nhz2
Copy link
Contributor

@nhz2 nhz2 commented Apr 13, 2024
edited
Loading

Fixes #53908 by clamping before doing addition.

This also fixes an issue with negative skips if io.offset isn't zero.

I am assuming that io.size+1 cannot overflow.

@nhz2 nhz2 marked this pull request as ready for review April 13, 2024 02:58
Seelengrab
Seelengrab reviewed Apr 14, 2024
View reviewed changes
base/iobuffer.jl Outdated Show resolved Hide resolved
@Seelengrab
Copy link
Contributor

Seelengrab commented Apr 14, 2024
edited
Loading

Why not use Base.Checked.add_with_overflow instead of widening by default? It should be pretty efficient.

@nhz2
Copy link
Contributor Author

nhz2 commented Apr 14, 2024

No real reason, I just find widen and clamp easier to understand.

nhz2
nhz2 commented Apr 14, 2024
View reviewed changes
base/iobuffer.jl Outdated Show resolved Hide resolved
Seelengrab
Seelengrab reviewed Apr 14, 2024
View reviewed changes
base/iobuffer.jl Outdated Show resolved Hide resolved
@nhz2 nhz2 requested a review from vtjnash April 15, 2024 14:19
@nhz2 nhz2 added io Involving the I/O subsystem: libuv, read, write, etc. backport 1.11 Change should be backported to release-1.11 labels Apr 15, 2024
vtjnash
vtjnash reviewed Apr 16, 2024
View reviewed changes
Copy link
Member

@vtjnash vtjnash left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IIUC, the main problem with widen is that it is less likely to be defined on arbitrary types and is more likely to fall back to slow BigInt math unnecessarily in other cases. But in this case, it is just widen(::Int)::2Int, so that is always fine.

@vtjnash vtjnash added the merge me PR is reviewed. Merge when all tests are passing label Apr 16, 2024
@KristofferC KristofferC mentioned this pull request Apr 17, 2024
Merged
59 tasks
@KristofferC KristofferC merged commit 306124c into JuliaLang:master Apr 17, 2024
10 checks passed
@oscardssmith oscardssmith removed the merge me PR is reviewed. Merge when all tests are passing label Apr 17, 2024
KristofferC pushed a commit that referenced this pull request Apr 25, 2024
@nhz2 @KristofferC
Fix integer overflow in skip(s::IOBuffer, typemax(Int64)) (#54070)
74615de 
Fixes #53908  by clamping before doing addition.

This also fixes an issue with negative skips if `io.offset` isn't zero.

I am assuming that `io.size+1` cannot overflow.

(cherry picked from commit 306124c)
KristofferC added a commit that referenced this pull request May 28, 2024
@KristofferC
Backports for 1.11.0-beta2 (#54112)
f7295bf 
Backported PRs:
- [x] #53665 <!-- use afoldl instead of tail recursion for tuples -->
- [x] #53976 <!-- LinearAlgebra: LazyString in interpolated error
messages -->
- [x] #54005 <!-- make `view(::Memory, ::Colon)` produce a Vector -->
- [x] #54010 <!-- Overload `Base.literal_pow` for `AbstractQ` -->
- [x] #54069 <!-- Allow PrecompileTools to see MI's inferred by foreign
abstract interpreters -->
- [x] #53750 <!-- inference correctness: fields and globals can revert
to undef -->
- [x] #53984 <!-- Profile: fix heap snapshot is valid char check -->
- [x] #54102 <!-- Explicitly compute stride in unaliascopy for SubArray
-->
- [x] #54070 <!-- Fix integer overflow in `skip(s::IOBuffer,
typemax(Int64))` -->
- [x] #54013 <!-- Support case-changes to Annotated{String,Char}s -->
- [x] #53941 <!-- Fix writing of AnnotatedChars to AnnotatedIOBuffer -->
- [x] #54137 <!-- Fix typo in docs for `partialsortperm` -->
- [x] #54129 <!-- use correct size when creating output data from an
IOBuffer -->
- [x] #54153 <!-- Fixup IdSet docstring -->
- [x] #54143 <!-- Fix `make install` from tarballs -->
- [x] #54151 <!-- LinearAlgebra: Correct zero element in
`_generic_matvecmul!` for block adj/trans -->
- [x] #54213 <!-- Add `public` statement to `Base.GC` -->
- [x] #54222 <!-- Utilize correct tbaa when emitting stores of unions.
-->
- [x] #54233 <!-- set MAX_OS_WRITE on unix -->
- [x] #54255 <!-- fix `_checked_mul_dims` in the presence of 0s and
overflow. -->
- [x] #54259 <!-- Fix typo in `readuntil` -->
- [x] #54251 <!-- fix typo in gc_mark_memory8 when chunking a large
array -->
- [x] #54276 <!-- Fix solve for complex `Hermitian` with non-vanishing
imaginary part on diagonal -->
- [x] #54248 <!-- ensure package callbacks are invoked when no valid
precompile file exists for an "auto loaded" stdlib -->
- [x] #54308 <!-- Implement eval-able AnnotatedString 2-arg show -->
- [x] #54302 <!-- Specialised substring equality for annotated strs -->
- [x] #54243 <!-- prevent `package_callbacks` to run multiple time for a
single package -->
- [x] #54350 <!-- add a precompile signature to Artifacts code that is
used by JLLs -->
- [x] #54331 <!-- correctly track freed bytes in
jl_genericmemory_to_string -->
- [x] #53509 <!-- revert moving "creating packages" from Pkg.jl -->
- [x] #54335 <!-- When accessing the data pointer for an array, first
decay it to a Derived Pointer -->
- [x] #54239 <!-- Make sure `fieldcount` constant-folds for `Tuple{...}`
-->
- [x] #54288
- [x] #54067
- [x] #53715 <!-- Add read/write specialisation for IOContext{AnnIO} -->
- [x] #54289 <!-- Rework annotation ordering/optimisations -->
- [x] #53815 <!-- create phantom task for GC threads -->
- [x] #54130 <!-- inference: handle `LimitedAccuracy` in
`handle_global_assignment!` -->
- [x] #54428 <!-- Move ConsoleLogging.jl into Base -->
- [x] #54332 <!-- Revert "add unsetindex support to more copyto methods
(#51760)" -->
- [x] #53826 <!-- Make all command-line options documented in all
related files -->
- [x] #54465 <!-- typeintersect: conservative typevar subtitution during
`finish_unionall` -->
- [x] #54514 <!-- typeintersect: followup cleanup for the nothrow path
of type instantiation -->
- [x] #54499 <!-- make `@doc x` work without REPL loaded -->
- [x] #54210 <!-- attach finalizer in `mmap` to the correct object -->
- [x] #54359 <!-- Pkg REPL: cache `pkg_mode` lookup -->

Non-merged PRs with backport label:
- [ ] #54471 <!-- Actually setup jit targets when compiling
packageimages instead of targeting only one -->
- [ ] #54457 <!-- Make `String(::Memory)` copy -->
- [ ] #54323 <!-- inference: fix too conservative effects for recursive
cycles -->
- [ ] #54322 <!-- effects: add new `@consistent_overlay` macro -->
- [ ] #54191 <!-- make `AbstractPipe` public -->
- [ ] #53957 <!-- tweak how filtering is done for what packages should
be precompiled -->
- [ ] #53882 <!-- Warn about cycles in extension precompilation -->
- [ ] #53707 <!-- Make ScopedValue public -->
- [ ] #53452 <!-- RFC: allow Tuple{Union{}}, returning Union{} -->
- [ ] #53402 <!-- Add `jl_getaffinity` and `jl_setaffinity` -->
- [ ] #53286 <!-- Raise an error when using `include_dependency` with
non-existent file or directory -->
- [ ] #52694 <!-- Reinstate similar for AbstractQ for backward
compatibility -->
- [ ] #51479 <!-- prevent code loading from lookin in the versioned
environment when building Julia -->
@KristofferC KristofferC removed the backport 1.11 Change should be backported to release-1.11 label May 28, 2024
@simeonschaub simeonschaub mentioned this pull request Aug 6, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Seelengrab Seelengrab Seelengrab left review comments

@vtjnash vtjnash vtjnash approved these changes

Assignees
No one assigned
Labels
io Involving the I/O subsystem: libuv, read, write, etc.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Integer overflow in skip(s::IOBuffer, typemax(Int64)) can cause seg fault
5 participants
@nhz2 @Seelengrab @vtjnash @KristofferC @oscardssmith