Validate tensor rank in CIRCULAR_BUFFER Prepare to prevent out-of-bounds read#3595
Open
BiswajeetRay7 wants to merge 1 commit into
Open
Validate tensor rank in CIRCULAR_BUFFER Prepare to prevent out-of-bounds read#3595BiswajeetRay7 wants to merge 1 commit into
BiswajeetRay7 wants to merge 1 commit into
Conversation
…nds read CircularBufferPrepare indexes dims->data[0..3] without checking rank-4 first, causing an out-of-bounds read on a rank<4 tensor. Add NumDimensions()==4 checks before the accesses, matching sibling kernels (depth_to_space, concatenation, etc.). Reported via GHSA-3x72-x298-9pjx and OSS VRP issue 523561915. Signed-off-by: Biswajeet Ray <raybiswajeet2@gmail.com>
Author
|
Gentle ping — this is a small (4-line) defensive fix bringing CIRCULAR_BUFFER in line with the rank validation already used by sibling kernels (depth_to_space, concatenation, etc.). All checks are green. Would a code owner be able to take a look when convenient? Happy to add a regression test if that would help. Thanks! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
CircularBufferPrepare in circular_buffer_common.cc reads input/output dims->data[0] through dims->data[3] without validating the tensors are rank-4. TfLiteIntArray stores dims as a flexible-array member (int data[]) sized to exactly
sizeints, so on a rank<4 tensor, dims->data[3] reads past the end — an out-of-bounds read. The same assumption is in the cycles_max <= 0 branch and the eval path in circular_buffer.cc.Sibling kernels already guard this way (depth_to_space.cc, batch_to_space_nd.cc, broadcast_to.cc, concatenation.cc, cumsum.cc) via NumDimensions(). This brings CIRCULAR_BUFFER in line.
Fix
Add NumDimensions(input)==4 and NumDimensions(output)==4 checks before any dims->data[..] access. No new include needed (kernel_util.h already included).
Refs
Reported via GitHub Security Advisory GHSA-3x72-x298-9pjx and Google OSS VRP issue 523561915.
BUG=523561915
Signed-off-by: Biswajeet Ray raybiswajeet2@gmail.com