Skip to content

fix(qdp): guard batch size multiplication against overflow#1324

Merged
ryankert01 merged 1 commit into
apache:mainfrom
rich7420:fix/qdp-batch-size-overflow
May 18, 2026
Merged

fix(qdp): guard batch size multiplication against overflow#1324
ryankert01 merged 1 commit into
apache:mainfrom
rich7420:fix/qdp-batch-size-overflow

Conversation

@rich7420
Copy link
Copy Markdown
Contributor

@rich7420 rich7420 commented May 18, 2026

Summary

  • Preprocessor::validate_batch and AmplitudeEncoder::encode_batch_f32 computed num_samples * sample_size without overflow checks. The angle encoder paths already use checked_mul (angle.rs:87, :143, :327, :405, :528) — these two sites were missed.
  • On 64-bit hosts the product can wrap, letting an undersized buffer pass the length check and causing out-of-bounds reads downstream in the encoder.
  • This PR mirrors the angle.rs pattern: checked_mul returning MahoutError::InvalidInput on overflow.

Changes

  • qdp/qdp-core/src/preprocessing.rs: guard num_samples * sample_size in validate_batch.
  • qdp/qdp-core/src/gpu/encodings/amplitude.rs: guard the same multiplication in encode_batch_f32 (the f64 path already routes through Preprocessor::validate_batch).
  • Added a unit test in preprocessing.rs covering the overflow path.

Test plan

  • cargo test --manifest-path qdp/qdp-core/Cargo.toml --lib — 77 passed, 0 failed
  • pre-commit (clippy, rustfmt, license headers) — all pass
  • New test validate_batch_rejects_size_overflow exercises the checked_mul failure branch

@rich7420
fix(qdp): guard batch size multiplication against overflow
9443e87 
`Preprocessor::validate_batch` and `AmplitudeEncoder::encode_batch_f32`
computed `num_samples * sample_size` without overflow checks, while the
analogous angle encoder paths already use `checked_mul`. On 64-bit hosts
the product can wrap and let an undersized buffer pass validation,
leading to out-of-bounds reads in the encoder.

Mirror the angle.rs pattern: use `checked_mul` and surface an
`InvalidInput` error on overflow. Add a unit test covering the
overflow path through the shared preprocessor.
@ryankert01 ryankert01 requested a review from Copilot May 18, 2026 07:03
@ryankert01
Copy link
Copy Markdown
Member

ryankert01 commented May 18, 2026

Make sense, will let copilot double check for me.

Copilot AI reviewed May 18, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR hardens QDP batch validation by preventing unchecked usize multiplication overflow when deriving expected batch buffer sizes, aligning amplitude/preprocessing behavior with existing checked length validation patterns.

Changes:

  • Added checked_mul overflow handling in Preprocessor::validate_batch.
  • Added matching overflow handling in AmplitudeEncoder::encode_batch_f32.
  • Added a unit test for the preprocessing overflow path.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
qdp/qdp-core/src/preprocessing.rs Guards batch expected-length calculation and tests overflow rejection.
qdp/qdp-core/src/gpu/encodings/amplitude.rs Guards f32 amplitude batch expected-length calculation before length comparison.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@ryankert01 ryankert01 merged commit ac30a8c into apache:main May 18, 2026
5 checks passed
@rich7420 rich7420 mentioned this pull request May 18, 2026
Closed
ryankert01 pushed a commit that referenced this pull request May 20, 2026
@rich7420 @ryankert01
fix(qdp): guard batch size multiplication against overflow (#1324)
6156afb 
`Preprocessor::validate_batch` and `AmplitudeEncoder::encode_batch_f32`
computed `num_samples * sample_size` without overflow checks, while the
analogous angle encoder paths already use `checked_mul`. On 64-bit hosts
the product can wrap and let an undersized buffer pass validation,
leading to out-of-bounds reads in the encoder.

Mirror the angle.rs pattern: use `checked_mul` and surface an
`InvalidInput` error on overflow. Add a unit test covering the
overflow path through the shared preprocessor.
@ryankert01 ryankert01 mentioned this pull request May 20, 2026
Closed
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@ryankert01 ryankert01 ryankert01 approved these changes

@guan404ming guan404ming Awaiting requested review from guan404ming guan404ming is a code owner

@400Ping 400Ping Awaiting requested review from 400Ping 400Ping is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rich7420 @ryankert01