cuml icon indicating copy to clipboard operation
cuml copied to clipboard
verified publisher icon rapidsai

UMAP fix int32 overflow causing illegal mem access

Open aamijar opened this issue 4 weeks ago • 3 comments

Resolves #7517

The optimize_batch_kernel and optimize_batch_kernel_reg use the following condition to check for out of bounds

while (row < nnz)

Inside the loop row += skip_size is used for iteration. However, when row is close to INT32_MAX it can cause an overflow, which leads to the value of row wrapping around to become a negative number. The loop will then be run again since row < nnz still, which will lead to a cuda illegal memory access since row is negative.

To solve this we can check for the overflow case and break from the while loop if (row > nnz - skip_size) break;

Update: We can use size_t for row and skip_size instead.

See #7517 for a concrete reproducer.

aamijar avatar Dec 10 '25 04:12 aamijar

Auto-sync is disabled for draft pull requests in this repository. Workflows must be run manually.

Contributors can view more details about this message here.

copy-pr-bot[bot] avatar Dec 10 '25 04:12 copy-pr-bot[bot]

can we instead use size_t as the type for row and skip_size (rather than using nnz_t which can in int or size_t)? Or change our nnz_t dispatch algorithm?

jinsolp avatar Dec 10 '25 20:12 jinsolp

can we instead use size_t as the type for row and skip_size (rather than using nnz_t which can in int or size_t)? Or change our nnz_t dispatch algorithm?

Yes, I've updated it to use size_t 👍

aamijar avatar Dec 10 '25 22:12 aamijar

/merge

aamijar avatar Dec 11 '25 18:12 aamijar