[Numpy-discussion] SegFault/double free with simple array mask operation
Achim Gaedke
Achim.Gaedke at physik.tu-darmstadt.de
Sat Nov 17 06:55:57 EST 2007
Achim Gaedke wrote:
> David Cournapeau wrote:
>
>> Could you open a ticket on the numpy trac system ? (I can confirm the bug)
>>
>> cheers,
>>
>> David
>>
>>
> It is Ticket #614 . The version information in trac are outdated, I
> could not select version 1.0.3 or 1.0.4 .
>
Here is the solution for Segmentation Fault reported.
It is basicly copied from the function iter_subscript_Bool, which alredy
does the necessary range checks.
Achim
Index: arrayobject.c
===================================================================
--- arrayobject.c (revision 4464)
+++ arrayobject.c (working copy)
@@ -9337,6 +9337,11 @@
return -1;
}
index = ind->dimensions[0];
+ if (index > self->size) {
+ PyErr_SetString(PyExc_ValueError,
+ "too many boolean indices");
+ return -1;
+ }
strides = ind->strides[0];
dptr = ind->data;
PyArray_ITER_RESET(self);
More information about the NumPy-Discussion
mailing list