Fixed warning and added safe globals #423
Conversation
akihironitta
changed the title
|
The fix works for a higher PyTorch version, will investigate a fix for v2.2. Has to do with telling the code that the custom classes are safe for depickling. |
|
@akihironitta It seems that the warning in #422 is not being reproduced for Torch v2.2.0 in the CI test logs. The warning occurs because pickle has a potential issue where unsafe code may be executed upon unpickling. Torch v2.4 is the only version where I was able to reproduce this warning. Torch v2.4 also contains the solution, being adding the custom classes pytorch/pytorch#129239 is where the warning was introduced. |
|
Hey @NeelKondapalli, thanks again for this PR! To keep supporting older PyTorch versions, we could try having a flag like this https://github.com/pyg-team/pytorch_geometric/blob/8c849a482c3cf2326c1f493e79d04169b26dfb0b/torch_geometric/typing.py#L12: if WITH_PT24:
torch.serialization.add_safe_globals(...)If feasible, we'd like to enable |
|
Adding a version specific flag like that is doable. From what I can see, Since the torch.serialization.add_safe_globals fn is not available in the older torch versions, it seems that turning on the The only way I can think of at the moment to amend this for lower torch versions is to maybe use a custom unpickler when loading the model (instead of Torch's internal load method) and configuring it to only read |
There was a problem hiding this comment.
Looks great! Thanks again :)
I feel your 4ce8e5c is the right thing to do. Whenever possible, we should set weights_only=True, but we can disable it in other cases.
|
@NeelKondapalli This is great! Thank you again for making your first contribution to PyTorch Frame! 🚀 |
|
Thank you! Awesome we could work it out. |
Fixes #422 by adding the
weights_only = Trueargument totorch.loadin the fileio.py. This protects agains the arbitrary data warning. The typesstypeandStatTypewere added to the safe globals list.By: Neel Kondapalli ([email protected])