pytorch
cpe:2.3:a:linuxfoundation:pytorch:*:*:*:*:python:*:*
- <= 2.8.0
An integer overflow vulnerability has been identified in PyTorch version 2.8.0, specifically in the `torch.nan_to_num(...).long()` pattern. The issue arises when the function processes input values of positive infinity, leading to incorrect output results. The vulnerability is present in the PyTorch compiler component known as Inductor.
Exploitation of this vulnerability causes an integer overflow, where positive infinity is incorrectly converted to a negative value, due to precision loss in the conversion process. This overflow can lead to undefined behavior in subsequent calculations.
The vulnerability can be reproduced by compiling a PyTorch model that includes the torch.nan_to_num function with positive infinity input, followed by a conversion to the long data type using the .long() method. When this model is executed with the Inductor backend, the output will incorrectly reflect the reciprocal of the expected result, demonstrating the integer overflow.
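The mechanism described above, modelled in plain Python as an added example (this is not PyTorch or Inductor code and makes no claim about what a given PyTorch build emits): `torch.nan_to_num` replaces +inf with the largest finite value of the input dtype by default (its documented behaviour; for float32 that is about 3.4e38), which is far outside the int64 range, so the subsequent float-to-integer conversion is out of range. In C/LLVM that conversion is undefined behaviour; on x86-64 the `cvttsd2si`/`cvttss2si` instructions return the "integer indefinite" value 0x8000000000000000, i.e. INT64_MIN, which is the negative result the advisory describes. The function names `nan_to_num`, `naive_to_int64` and `saturating_to_int64` are assumptions of this example; the saturating version shows the check a compiler lowering or an application would need (clamp before truncation) to avoid the overflow.

```python
import math
import struct

# Largest finite float32 (bit pattern 0x7F7FFFFF); used here as the model of
# nan_to_num's default +inf replacement for float32 input.
FLT32_MAX = struct.unpack("f", struct.pack("I", 0x7F7FFFFF))[0]
INT64_MIN, INT64_MAX = -(2 ** 63), 2 ** 63 - 1


def nan_to_num(x, nan=0.0, posinf=FLT32_MAX, neginf=-FLT32_MAX):
    """Reference model of nan_to_num on a single float32 value (hypothetical helper)."""
    if math.isnan(x):
        return nan
    if math.isinf(x):
        return posinf if x > 0 else neginf
    return x


def fits_int64(x):
    """True iff truncating x toward zero yields a value representable as int64."""
    return math.isfinite(x) and INT64_MIN <= math.trunc(x) <= INT64_MAX


def naive_to_int64(x):
    """Model of an unchecked C-style float->int64 cast on x86-64 (constructed model).

    The C standard leaves out-of-range conversions undefined; x86-64's cvttsd2si
    returns the 'integer indefinite' value 0x8000000000000000 (INT64_MIN) in that
    case, which is what this model reproduces.
    """
    if fits_int64(x):
        return math.trunc(x)
    return INT64_MIN


def saturating_to_int64(x):
    """Hardened conversion: clamp to the int64 range before truncating.

    NaN maps to 0 here (a constructed policy; it never reaches this point when
    nan_to_num runs first, but the cast should still be total).
    """
    if math.isnan(x):
        return 0
    if x >= INT64_MAX:  # float(INT64_MAX) rounds up to 2**63, so >= is correct
        return INT64_MAX
    if x <= INT64_MIN:
        return INT64_MIN
    return math.trunc(x)


def pipeline(x, saturate):
    """nan_to_num followed by the .long()-style cast, unchecked or saturating."""
    y = nan_to_num(x)
    return saturating_to_int64(y) if saturate else naive_to_int64(y)


if __name__ == "__main__":
    for v in (float("inf"), float("-inf"), float("nan"), 1.0e19, 42.9):
        print(f"{v!r:>10}  unchecked={pipeline(v, False):>21}  saturating={pipeline(v, True)}")
```

The unchecked path turns +inf into INT64_MIN, a large negative number, exactly the sign flip the advisory reports; the saturating path returns INT64_MAX instead, and a defender reviewing compiled kernels or custom ops can use `fits_int64` as the assertion to place before any float-to-integer truncation.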