fix #9037: segfault caused by incorrect alignment assumptions

The rand!(::MersenneTwister, A::Array{Float64}) assumed that the array A was 16-byte aligned, which can be false (e.g. after a call to resize!) and lead to a segfault in libdSFMT.
JuliaLang · Nov 17, 2014 · 4e0ae82 · 4e0ae82
1 parent aa1f53b
commit 4e0ae82
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 12 deletions.
diff --git a/base/dSFMT.jl b/base/dSFMT.jl
@@ -39,19 +39,18 @@ function dsfmt_init_by_array(s::DSFMT_state, seed::Vector{UInt32})
           s.val, seed, length(seed))
 end
 
-
-# precondition for dsfmt_fill_array_*:
-# the underlying C array must be 16-byte aligned, which is the case for "Array"
-function dsfmt_fill_array_close1_open2!(s::DSFMT_state, A::Array{Float64}, n::Int)
-    @assert dsfmt_min_array_size <= n <= length(A)  && iseven(n)
+function dsfmt_fill_array_close1_open2!(s::DSFMT_state, A::Ptr{Float64}, n::Int)
+    @assert Int(A) % 16 == 0 # the underlying C array must be 16-byte aligned
+    @assert dsfmt_min_array_size <= n && iseven(n)
     ccall((:dsfmt_fill_array_close1_open2,:libdSFMT),
           Void,
           (Ptr{Void}, Ptr{Float64}, Int),
           s.val, A, n)
 end
 
-function dsfmt_fill_array_close_open!(s::DSFMT_state, A::Array{Float64}, n::Int)
-    @assert dsfmt_min_array_size <= n <= length(A)  && iseven(n)
+function dsfmt_fill_array_close_open!(s::DSFMT_state, A::Ptr{Float64}, n::Int)
+    @assert Int(A) % 16 == 0 # the underlying C array must be 16-byte aligned
+    @assert dsfmt_min_array_size <= n && iseven(n)
     ccall((:dsfmt_fill_array_close_open,:libdSFMT),
           Void,
           (Ptr{Void}, Ptr{Float64}, Int),

diff --git a/base/random.jl b/base/random.jl
@@ -33,7 +33,7 @@ end
 @inline mt_pop!(r::MersenneTwister) = @inbounds return r.vals[r.idx+=1]
 
 function gen_rand(r::MersenneTwister)
-    dsfmt_fill_array_close1_open2!(r.state, r.vals, length(r.vals))
+    dsfmt_fill_array_close1_open2!(r.state, pointer(r.vals), length(r.vals))
     mt_setfull!(r)
 end
 
@@ -218,15 +218,28 @@ end
 
 rand!(r::MersenneTwister, A::AbstractArray{Float64}) = rand_AbstractArray_Float64!(r, A)
 
-fill_array!(s::DSFMT_state, A::Array{Float64}, n::Int, ::Type{CloseOpen}) = dsfmt_fill_array_close_open!(s, A, n)
-fill_array!(s::DSFMT_state, A::Array{Float64}, n::Int, ::Type{Close1Open2}) = dsfmt_fill_array_close1_open2!(s, A, n)
+fill_array!(s::DSFMT_state, A::Ptr{Float64}, n::Int, ::Type{CloseOpen}) = dsfmt_fill_array_close_open!(s, A, n)
+fill_array!(s::DSFMT_state, A::Ptr{Float64}, n::Int, ::Type{Close1Open2}) = dsfmt_fill_array_close1_open2!(s, A, n)
 
 function rand!{I<:FloatInterval}(r::MersenneTwister, A::Array{Float64}, n=length(A), ::Type{I}=CloseOpen)
     if n < dsfmt_get_min_array_size()
         rand_AbstractArray_Float64!(r, A, n, I)
     else
-        fill_array!(r.state, A, 2*(n ÷ 2), I)
-        isodd(n) && (A[n] = rand(r, I))
+        pA = pointer(A)
+        rem = Int(pA) % 16
+        if rem > 0
+            pA2 = pA + 16 - rem
+            n2 = rem < 8 ? n-2 : n-1
+            rand!(r, pointer_to_array(pA2, n2), n2, I)
+            unsafe_copy!(pA, pA2, n2)
+            for i=n2+1:n
+                A[i] = rand(r, I)
+            end
+        else
+            # pA is 16-byte aligned, so it's safe to use fill_array!
+            fill_array!(r.state, pA, 2*(n ÷ 2), I)
+            isodd(n) && (A[n] = rand(r, I))
+        end
     end
     A
 end