ndarray-linalg icon indicating copy to clipboard operation
ndarray-linalg copied to clipboard
verified publisher icon rust-ndarray

i32 overflow when determining SVD result size

Open jgarthur opened this issue 3 years ago • 1 comments

The code linked below can overflow when any of the products is above i32::MAX, potentially leading to a much larger memory allocation than intended (example). There are a few other instances in other calls to vec_uninit

https://github.com/rust-ndarray/ndarray-linalg/blob/master/lax/src/svddc.rs#L44-L49

jgarthur avatar May 25 '22 22:05 jgarthur

https://play.rust-lang.org/?gist=501fb52b2beb650d2ac9ec6872f269e9

#[allow(arithmetic_overflow)]
fn main() {
    let m: i32 = 2_000;
    let n: i32 = 1_080_000;
    println!("{}", m * n);
    println!("{}", (m * n) as usize);
    println!("{}", m as usize * n as usize);
}

Run in debug mode, it panics.

thread 'main' panicked at 'attempt to multiply with overflow', src/main.rs:5:20

Run in release mode, silent arithmetic integer overflow.

-2134967296
18446744071574584320
2160000000

All occurrences of (x * y) as usize where x and y are i32 ought to be x as usize * y as usize. When x and y are i32 and known to be positive, x as usize * y as usize cannot overflow.

sjackman avatar May 25 '22 22:05 sjackman