Fix zero data type in expr % 1 simplification#12913
Merged
alamb merged 1 commit intoapache:mainfrom Oct 16, 2024
Merged
Conversation
This address a bug that previously always replace % 1 expression with a 0 of type i32. This lead to panics/crashes in a lot of places since we expect the type to not change as part of this simplification rule. This patch fixes it by replacing it with a 0 of correct type. This was discovered in apache#12814
2010YOUY01
approved these changes
Oct 15, 2024
Contributor
2010YOUY01
left a comment
2010YOUY01
left a comment
There was a problem hiding this comment.
Great catch for another vulnerability.
Some additional thoughts: this optimization rule seems quite error-prone for edge cases. We should run property tests with the optimization rules both enabled and disabled.
findepi
approved these changes
Oct 15, 2024
Member
|
We could perhaps validate the types before and after simplification are the same |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Which issue does this PR close?
Follow up to #12814
Rationale for this change
This address a bug that previously always replace % 1 expression with a 0 of type i32. This lead to panics/crashes in a lot of places since we expect the type to not change as part of this simplification rule.
What changes are included in this PR?
This patch fixes it by replacing it with a 0 of correct type.
Are these changes tested?
Yes.
Are there any user-facing changes?
No.