BUG: avoid negating INT_MIN in PyArray_Round implementation (#30071)#30076
Merged
charris merged 1 commit intonumpy:maintenance/2.3.xfrom Oct 25, 2025
Merged
BUG: avoid negating INT_MIN in PyArray_Round implementation (#30071)#30076charris merged 1 commit intonumpy:maintenance/2.3.xfrom
charris merged 1 commit intonumpy:maintenance/2.3.xfrom
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backport of #30071.
c.f. https://huntr.com/bounties/49928a2c-c6bb-4c1c-80ec-5d7bf708bf28 where this almost led to a CVE getting reported against NumPy.
Addresses one of the issues reported in #28829.
For those who are unaware: the value of
INT_MINis-INT_MAX - 1(negating using two's complement arithmetic), so that means that if C used two's complement-INT_MIN == INT_MIN. For that reason,-INT_MINis UB according to the C standard. You are always supposed to do a check like this when negating a signed integer, but it is often skipped.I learned while working on this that passing
rounda negativendigitsis supported. Round withndigits!=0is the same as round withndigits==0, but transformed in the following way:round(x * 10**ndigits, 0) / 10**ndigits. The same formula holds for positive and negative ndigits.No tests because it's annoying to write a test for this case (see python/cpython#132474 -- it turns out
round(2**31, -2**31)will hang CPython...).Open to suggestions if people want to do a more thorough job of this but at least this prevents the segfault.
Ping @devdanzin, this seems relevant to your interests.