Fuzzing Numpy #38
Description
Fuzzing Numpy with the default Python fuzzer failed to exercise most of the API and didn't uncover free-threaded issues (likely due to the absence of shared objects between threads). Probably creating and using tricky arrays and other objects would increase the hits. Tricky data would also be interesting and suitable to finding security issues.
Numpy maintainers prefer that hits from analytic tools be condensed in single issues.
Issues found so far:
- BUG: ASAN detects heap-buffer-overflow from
numpy.strings.findnumpy/numpy#28791 - BUG: segfault from calling
__class__on functions likeatleast_1dnumpy/numpy#28788 - BUG: segfault by rounding number by large negative value numpy/numpy#28787
- BUG: Slot * of type X succeeded with an exception set numpy/numpy#28786
- BUG: segfault from calling
__func__of Cython methods numpy/numpy#28785 - BUG: segfault from
random_rawfrom instance initialized from invalid value numpy/numpy#28784 - BUG: Failed
!PyErr_Occurred()assertion numpy/numpy#28783 - BUG: Segfault/stack-overflow from initializing
numpy.random._mt19937.MT19937with recursive list numpy/numpy#28822 - BUG: crashes found by fuzzing with fusil numpy/numpy#28829