From b0c21778d432975e388b0bfc67bbbe08969a9f3a Mon Sep 17 00:00:00 2001
From: Taksh <takshkothari09@gmail.com>
Date: Wed, 8 Apr 2026 09:33:14 +0530
Subject: [PATCH] Reset capacity_ in ShareData/ShareDiff to prevent stale
 shared memory reuse
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

After ShareData(other), data_ points to other's memory but capacity_
retains the old blob's value. If Reshape() is later called with a size
<= the stale capacity_, it skips allocation and silently reuses the
shared pointer — corrupting other's data or causing use-after-free.

Setting capacity_ to 0 forces Reshape() to allocate fresh memory,
which is consistent with how capacity_ is initialized in constructors.

Fixes #5439

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 src/caffe/blob.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/caffe/blob.cpp b/src/caffe/blob.cpp
index 603e52f7025..46c4f3e0d1b 100644
--- a/src/caffe/blob.cpp
+++ b/src/caffe/blob.cpp
@@ -156,12 +156,14 @@ template <typename Dtype>
 void Blob<Dtype>::ShareData(const Blob& other) {
   CHECK_EQ(count_, other.count());
   data_ = other.data();
+  capacity_ = 0;
 }
 
 template <typename Dtype>
 void Blob<Dtype>::ShareDiff(const Blob& other) {
   CHECK_EQ(count_, other.count());
   diff_ = other.diff();
+  capacity_ = 0;
 }
 
 // The "update" method is used for parameter blobs in a Net, which are stored