Out of bounds memory write in esp_nn_aligned_s8_pad_with_value (causing CORRUPT HEAP: Bad tail) #8
Description
Hello, @vikramdattu !
We have successfully tested object detection and sensor time series models with ESP32-S3. However, when testing keyword spotting model, we ran into
CORRUPT HEAP: Bad tail
issue.
I started investigating, think that it might be the alignment problem again, described in #7, however it seems this is something different this time.
I peppered my inference and ESP NN code with heap_caps_check_integrity_all(true); and managed to find the source of the problem (I think):
The tail corruption is happening here
esp-nn/src/common/common_functions.h
Line 188 in 12129cf
which is led from
esp-nn/src/convolution/esp_nn_conv_esp32s3.c
Line 257 in 12129cf
The padding function is only used for ESP32-S3. I think the reason it only shows for keyword spotting models for us is that the dimensions are different and therefore there is a need for padding.
From what I understand the code here resizes scratch buffer? I don't think this is valid, even if it is within the arena (and for sure not valid when scratch buffer is allocated outside of the arena, like in our case). If the scratch buffer is inside of the arena, resizing it like that would likely cause corruption to neighboring buffers/tensors. If it is outside of arena, then there is no way to tell what will it write on.
Let me know if my reasoning here is correct and how can we solve this issue! Enclosed find the exact project to replicate the issue.
example-standalone-inferencing-espressif-esp32.zip