
[Bug] LLava 1.6 core dump happened in bicubic_resize.

Open gryffindor-rr opened this issue 1 year ago • 0 comments

https://github.com/ggerganov/llama.cpp/blame/1d1ccce67613674c75c9c7e3fa4c1e24e428ba48/examples/llava/clip.cpp#L1630

A core dump happened in bicubic_resize. dbg core_file reports the following:

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x000055e68efaa5be in bicubic_resize (img=..., dst=..., target_width=target_width@entry=364, target_height=target_height@entry=546) at /usr/include/c++/11/bits/stl_vector.h:1061
1061	      operator[](size_type __n) const _GLIBCXX_NOEXCEPT
[Current thread is 1 (Thread 0x7f9421599640 (LWP 4080918))]

I added some logs like this:

int src_buf_size = img.buf.size();
    for (i = 0; i < target_height; i++) {
        for (j = 0; j < target_width; j++) {
            x = (int)(tx * j);
            y = (int)(ty * i);

            dx = tx * j - x;
            dy = ty * i - y;

            for (k = 0; k < 3; k++) {
                for (jj = 0; jj <= 3; jj++) {
                    int temp = (clip(y - 1 + jj, 0, ny - 1) * nx + clip(x, 0, nx - 1)) * 3 + k;
                    if (temp >= src_buf_size) {
                        LOG_TEE("%s: temp %d, src_buf_size %d\n", __func__, temp, src_buf_size);
                    }

                    d0 = img.buf[(clip(y - 1 + jj, 0, ny - 1) * nx + clip(x - 1, 0, nx - 1)) * 3 + k] - img.buf[(clip(y - 1 + jj, 0, ny - 1) * nx + clip(x, 0, nx - 1)) * 3 + k];
                    d2 = img.buf[(clip(y - 1 + jj, 0, ny - 1) * nx + clip(x + 1, 0, nx - 1)) * 3 + k] - img.buf[(clip(y - 1 + jj, 0, ny - 1) * nx + clip(x, 0, nx - 1)) * 3 + k];
                    d3 = img.buf[(clip(y - 1 + jj, 0, ny - 1) * nx + clip(x + 2, 0, nx - 1)) * 3 + k] - img.buf[(clip(y - 1 + jj, 0, ny - 1) * nx + clip(x, 0, nx - 1)) * 3 + k];
                    a0 = img.buf[(clip(y - 1 + jj, 0, ny - 1) * nx + clip(x, 0, nx - 1)) * 3 + k];                     

It outputs:

bicubic_resize: temp 5113152, src_buf_size 5092990

Does this mean that the accesses to img.buf[] in the following lines will be invalid?

gryffindor-rr, Aug 29 '24 08:08
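Because `clip` keeps every computed index below `nx * ny * 3`, an index at or beyond `img.buf.size()` means the buffer is shorter than the declared dimensions require (the logged size 5092990 is not even a multiple of 3). The following is an added example, not code from the issue or from llama.cpp: a pre-resize consistency check and a dry-run of the loop's index expression, where `rgb_image`, `dims_match_buffer`, `first_oob_index`, the `tx`/`ty` definition and the 8x8 sample are assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical stand-in for the image in the report: nx * ny RGB pixels stored in buf.
struct rgb_image {
    int nx, ny;
    std::vector<uint8_t> buf;
};

static int clip(int x, int lower, int upper) {
    return x < lower ? lower : (x > upper ? upper : x);
}

// True only when buf holds exactly nx * ny * 3 bytes (size_t math avoids int overflow).
bool dims_match_buffer(const rgb_image & img) {
    return img.nx > 0 && img.ny > 0 &&
           (size_t) img.nx * (size_t) img.ny * 3 == img.buf.size();
}

// Replays the index expression of the reported loop without reading buf.
// Returns the first index that falls outside buf, or -1 if every read is in range.
// Assumption: tx and ty are source size divided by target size.
long long first_oob_index(const rgb_image & img, int target_width, int target_height) {
    if (img.nx <= 0 || img.ny <= 0 || target_width <= 0 || target_height <= 0) return -1;
    const float tx = (float) img.nx / (float) target_width;
    const float ty = (float) img.ny / (float) target_height;
    for (int i = 0; i < target_height; i++)
    for (int j = 0; j < target_width; j++) {
        const int x = (int) (tx * j), y = (int) (ty * i);
        for (int k = 0; k < 3; k++)
        for (int jj = 0; jj <= 3; jj++)
        for (int off = -1; off <= 2; off++) {    // the loop reads columns x-1, x, x+1, x+2
            const size_t row = (size_t) clip(y - 1 + jj, 0, img.ny - 1);
            const size_t col = (size_t) clip(x + off, 0, img.nx - 1);
            const size_t idx = (row * (size_t) img.nx + col) * 3 + k;
            if (idx >= img.buf.size()) return (long long) idx;
        }
    }
    return -1;
}

int main() {
    // Constructed input: an 8x8 image whose buffer is 100 bytes instead of 192.
    rgb_image bad{8, 8, std::vector<uint8_t>(100)};
    std::printf("match=%d first_oob=%lld\n", dims_match_buffer(bad), first_oob_index(bad, 4, 4));
    return 0;
}
```

Rejecting the image when `dims_match_buffer` is false stops the resize before any unchecked `operator[]` read can go past the end of the buffer.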