Skip to content

Add data buffer validation to impl_like() for portable/lean builds #17195

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
psiddh wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Add data buffer validation to impl_like() for portable/lean builds #17195

psiddh wants to merge 1 commit into from
+41 −2

Conversation

@psiddh
Copy link
Contributor

@psiddh psiddh commented Feb 4, 2026
edited
Loading

This addresses the security concern (TOB-EXECUTORCH-9) where the non-ATen code path in impl_like() was missing validation that existed in tensor_like().

Followup fix to suggestions: #17163

@pytorch-bot
Copy link

pytorch-bot bot commented Feb 4, 2026
edited
Loading

🔗 Helpful Links

🧪 See artifacts and rendered test results at hud.pytorch.org/pr/pytorch/executorch/17195

Note: Links to docs will display an error until the docs builds have been completed.

❌ 132 New Failures

As of commit 76e483b with merge base 2ace1cc (image):

NEW FAILURES - The following jobs have failed:

This comment was automatically generated by Dr. CI and updates every 15 minutes.

@meta-cla meta-cla bot added the CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed. label Feb 4, 2026
@github-actions
Copy link

github-actions bot commented Feb 4, 2026

This PR needs a release notes: label

If your change should be included in the release notes (i.e. would users of this library care about this change?), please use a label starting with release notes:. This helps us keep track and include your important work in the next release notes.

To add a label, you can comment to pytorchbot, for example
@pytorchbot label "release notes: none"

For more information, see
https://github.com/pytorch/pytorch/wiki/PyTorch-AutoLabel-Bot#why-categorize-for-release-notes-and-how-does-it-work.

@psiddh psiddh marked this pull request as ready for review February 4, 2026 06:55
@psiddh psiddh requested a review from Gasoonjia as a code owner February 4, 2026 06:55
@psiddh psiddh requested review from Copilot and lucylq February 4, 2026 06:55
Copilot AI reviewed Feb 4, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses a security vulnerability (TOB-EXECUTORCH-9) by adding data buffer validation to the impl_like() function in bundled_program.cpp, which is used in portable/lean builds. This brings parity with the validation that was added to tensor_like() (used in ATen builds) in PR #17163.

Changes:

  • Added buffer size validation to impl_like() to prevent heap over-read attacks
  • Added dimension count validation and negative size checks
  • Imported scalar_type_util.h for the elementSize() function

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

devtools/bundled_program/bundled_program.cpp
Comment on lines 95 to 109
size_t numel = 1;
for (ssize_t i = 0; i < dim; i++) {
ET_CHECK(sizes[i] >= 0);
numel *= static_cast<size_t>(sizes[i]);
}
Copy link

Copilot AI Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The numel calculation lacks overflow protection. Multiplying sizes without checking for overflow could result in integer overflow, causing expected_bytes to be much smaller than the actual required size. This would defeat the security validation this code is meant to provide.

Consider using c10::mul_overflows (from c10/util/safe_numerics.h) similar to the pattern in runtime/executor/method_meta.cpp lines 62-70. This should include overflow checks for both the numel calculation and the final multiplication by element size.

Copilot uses AI. Check for mistakes.
Copilot AI review requested due to automatic review settings February 4, 2026 07:00
Copilot AI mentioned this pull request Feb 4, 2026
Closed
4 tasks
@pytorch pytorch deleted a comment from Copilot AI Feb 4, 2026
Copilot AI reviewed Feb 4, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 4 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

devtools/bundled_program/bundled_program.cpp
static_cast<int>(sizes[i]));
numel *= static_cast<size_t>(sizes[i]);
}
size_t expected_bytes = numel * executorch::runtime::elementSize(scalar_type);
Copy link

Copilot AI Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The multiplication of numel by elementSize can also overflow. After fixing the overflow checks for numel calculation, you should also add an overflow check for the final multiplication at this line using c10::mul_overflows, similar to the pattern in runtime/executor/method_meta.cpp:76-82.

Copilot uses AI. Check for mistakes.
devtools/bundled_program/bundled_program.cpp
Comment on lines 80 to 81
ScalarType scalar_type =
static_cast<ScalarType>(bundled_tensor->scalar_type());
Copy link

Copilot AI Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider adding validation for the scalar_type before using it in elementSize(). While elementSize() does check for invalid types, an early validation with a more specific error message would be more consistent with the pattern in runtime/executor/tensor_parser_portable.cpp:46-50. This would make debugging easier if a malicious file provides an invalid scalar type.

Copilot uses AI. Check for mistakes.
devtools/bundled_program/bundled_program.cpp
Comment on lines 95 to 110
size_t numel = 1;
for (ssize_t i = 0; i < dim; i++) {
ET_CHECK_MSG(
sizes[i] >= 0,
"Tensor has negative size at dimension %zd: %d",
static_cast<ssize_t>(i),
static_cast<int>(sizes[i]));
numel *= static_cast<size_t>(sizes[i]);
}
size_t expected_bytes = numel * executorch::runtime::elementSize(scalar_type);
Copy link

Copilot AI Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The numel calculation is vulnerable to integer overflow. A malicious file could provide dimensions that cause the multiplication to overflow, resulting in a smaller expected_bytes value than intended. This could bypass the buffer size check and lead to heap buffer overflow during tensor operations.

Consider using c10::mul_overflows to detect overflow, similar to the pattern in runtime/executor/method_meta.cpp:62-72. You'll need to include <c10/util/safe_numerics.h> and check overflow at each multiplication step.

Copilot uses AI. Check for mistakes.
devtools/bundled_program/bundled_program.cpp Outdated
// Validate dimension count
ET_CHECK(
dim <= static_cast<ssize_t>(kMaxDim),
"Tensor rank too large, Max Dim %zu",
Copy link

Copilot AI Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The error message should include the actual dimension value that caused the failure, not just the limit. This would be more helpful for debugging. Consider a format like: "Tensor rank too large: got %zd, max allowed %zu" with both dim and kMaxDim values, consistent with similar error messages in runtime/executor/tensor_parser_aten.cpp:65 and runtime/executor/tensor_parser_portable.cpp:69.

Suggested change
"Tensor rank too large, Max Dim %zu",
"Tensor rank too large: got %zd, max allowed %zu",
dim,

Copilot uses AI. Check for mistakes.
Add data buffer validation to impl_like() for portable/lean builds
76e483b 
This addresses the security concern (TOB-EXECUTORCH-9) where the non-ATen
code path in impl_like() was missing validation that existed in
tensor_like().

Followup fix to suggestions: #17163
@psiddh psiddh marked this pull request as draft February 4, 2026 07:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@Gasoonjia Gasoonjia Awaiting requested review from Gasoonjia Gasoonjia is a code owner

@lucylq lucylq Awaiting requested review from lucylq

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@psiddh