fix: prevent EXP negative dimension size_t cast out of bounds access #3516
Open
Sakura-501 wants to merge 1 commit into tensorflow:main from
The EXP kernel computed flat_size as a signed int and then cast it to size_t without validating negative values. A malformed tensor shape such as [-1] turns flat_size into a negative number, and the cast expands it into a huge unsigned length that drives reference_ops::Exp into out-of-bounds memory access. This change adds a TF_LITE_ENSURE check in ExpEval so malformed negative flat sizes are rejected before the cast. It also adds a regression test that demonstrates the kernel now returns kTfLiteError for a negative dimension instead of crashing.
Vulnerability

This PR fixes an out of bounds memory access in the EXP kernel caused by converting a negative flat_size into size_t without validation.

A malformed tensor shape such as [-1] can make MatchingFlatSize return a negative value. ExpEval then casts that signed value to size_t, which expands it into a huge unsigned element count. reference_ops::Exp trusts that count and iterates far beyond the real input and output buffers, which can cause out of bounds read and write, process crash, and memory corruption.

Root cause

MatchingFlatSize can return a negative value for malformed tensor dimensions
ExpEval did not reject negative flat_size

Fix

TF_LITE_ENSURE(context, flat_size >= 0) in ExpEval
size_t cast
kTfLiteError instead of crashing

Why the fix is correct

The bug exists at the conversion boundary between signed and unsigned length handling. Rejecting negative flat_size values prevents the dangerous cast and stops malformed tensor shapes from reaching the out of bounds loop in reference_ops::Exp.

Local verification

bazel test //tensorflow/lite/micro/kernels:exp_test
xcrun clang-format --dry-run -Werror tensorflow/lite/micro/kernels/exp.cc tensorflow/lite/micro/kernels/exp_test.cc
git diff --check
bash tensorflow/lite/micro/tools/ci_build/test_code_style.sh

BUG=None
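The signed-to-size_t conversion described in this PR, modelled as a stand-alone added example; it is not code from the pull request or from TensorFlow Lite Micro. FlatSize, UncheckedCount, GuardedExp and the Status enum are hypothetical stand-ins, and the buffer-size check goes beyond what the PR describes.

```cpp
#include <cmath>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical status codes standing in for kTfLiteOk / kTfLiteError.
enum Status { kOk = 0, kError = 1 };

// Simplified stand-in for MatchingFlatSize: signed product of the dimensions.
int FlatSize(const std::vector<int>& dims) {
  int n = 1;
  for (int d : dims) n *= d;
  return n;
}

// The element count a loop would trust if the signed value were cast unchecked.
size_t UncheckedCount(const std::vector<int>& dims) {
  return static_cast<size_t>(FlatSize(dims));
}

// Elementwise exp that validates the size before converting it to size_t.
Status GuardedExp(const std::vector<int>& dims, const std::vector<float>& in,
                  std::vector<float>& out) {
  const int flat_size = FlatSize(dims);
  if (flat_size < 0) return kError;  // the check the PR describes
  const size_t n = static_cast<size_t>(flat_size);
  // Assumption beyond the PR: also bound the count by the real buffer sizes.
  if (n > in.size() || n > out.size()) return kError;
  for (size_t i = 0; i < n; ++i) out[i] = std::exp(in[i]);
  return kOk;
}

int main() {
  const std::vector<float> in{0.0f, 1.0f};  // constructed sample input
  std::vector<float> out(2, 0.0f);
  std::printf("flat_size for [-1]: %d\n", FlatSize({-1}));
  std::printf("unchecked count:    %zu\n", UncheckedCount({-1}));
  std::printf("guarded [-1] -> %d\n", GuardedExp({-1}, in, out));
  std::printf("guarded [2]  -> %d\n", GuardedExp({2}, in, out));
  return 0;
}
```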