Copybara import of the project: #9836
Merged
copybara-service[bot] merged 4 commits into master on Mar 31, 2026
…s-check PiperOrigin-RevId: 892529411
Copybara import of the project:
--
6cbdbc5 by mohammadmseet-hue <mohammadmseet@gmail.com>:
Fix OOB read in blockwise quantized tensor + missing bounds checks
Bug 1: xnn_define_blockwise_quantized_tensor_value_v2 accesses dims[1]
without checking num_dims >= 2. With num_dims=1, dims[1] reads past the
caller-provided array — heap buffer overflow (confirmed with ASAN).
Bug 2: reshape_resize_bilinear_operator reads dim[0..3] without
checking num_dims >= 4. Missed by commit d45f452 which added this
check to other operators.
Bug 3: reshape_rope_operator accesses dim[num_dims-3] without checking
num_dims >= 3. With num_dims < 3, unsigned underflow in index
calculation.
--
3d7a7d6 by mohammadmseet-hue <mohammadmseet@gmail.com>:
Fix stack buffer overflow in static_slice and missing bounds checks in copy ops
Bug 1 — Stack buffer overflow in xnn_define_static_slice (static-slice.c:275-277)
xnn_define_static_slice() uses a local int64_t signed_offsets[XNN_MAX_TENSOR_DIMS]
(6 elements) array but iterates num_dims times without checking num_dims <= 6.
With num_dims=10, the loop writes 80 bytes into a 48-byte stack buffer — 32 bytes
of attacker-controlled stack corruption. Same pattern as Bug 1 in PR #9778.
xnn_define_static_slice_v2() has the identical issue with ends[XNN_MAX_TENSOR_DIMS].
Bug 2 — Missing bounds check in xnn_define_static_slice_v3 (static-slice.c:257-258)
memcpy(node->params.slice.begins, begins, num_dims * sizeof(int64_t)) writes
num_dims*8 bytes into begins[6] (48 bytes) without bounds checking.
Bug 3 — Missing bounds check in define_copy_node (copy.c:477)
memcpy into node->params.static_reshape.new_shape.dim without checking num_dims.
Affects xnn_define_static_reshape, xnn_define_static_expand_dims,
xnn_define_fuse_dims, and xnn_define_split_dim.
--
28e1a13 by mohammadmseet-hue <mohammadmseet@gmail.com>:
Fix stack buffer overflow in batch matrix multiply reshape
reshape_batch_matrix_multiply_nc() uses local arrays
batch_dims_c[XNN_MAX_TENSOR_DIMS] (6 elements) and
batch_strides_c[XNN_MAX_TENSOR_DIMS] (6 elements) but iterates
num_batch_dims times without checking num_batch_dims <= 6.
With num_batch_dims=10, writes past both 48-byte stack buffers.
Attacker-controlled values from batch_dims_a/b are written to the
overflow region — controlled stack corruption.
Reachable from all public xnn_reshape_batch_matrix_multiply_nc_*
APIs (f16, f32, pf16, pf32, qs8, qd8_f32_qc8w, qp8_f32_qc8w,
qdu8_f32_qc8w, bf16_f32).
FUTURE_COPYBARA_INTEGRATE_REVIEW=#9833 from mohammadmseet-hue:fix/bmm-num-batch-dims-check 28e1a13
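The three commits above all fix the same defect class: a caller-supplied num_dims is used to index a fixed array of XNN_MAX_TENSOR_DIMS entries (too many dims overflows a stack or node-param array; too few dims reads a dim[k] that does not exist, or underflows dim[num_dims - 3] in size_t arithmetic). The following is an added example, not XNNPACK code or part of this PR: a minimal unchecked form of the static_slice pattern beside checked forms of each bug shape. The status enum, the struct and every function name are assumptions for illustration; only XNN_MAX_TENSOR_DIMS == 6 is taken from the commit messages ("6 elements", "48-byte stack buffer").

```c
/* Added example (not XNNPACK code): the missing-num_dims-check pattern the
 * commit messages describe, unchecked and then with the checks the fixes add.
 * status_*, struct shape and the *_checked/_unchecked names are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define XNN_MAX_TENSOR_DIMS 6  /* the "6 elements" in the commit messages */

enum status { status_success = 0, status_invalid_parameter = 1 };

/* A shape as the messages describe it: fixed-size dim array plus a count. */
struct shape {
  size_t num_dims;
  size_t dim[XNN_MAX_TENSOR_DIMS];
};

/* One check covers both failure directions: too many dims overflows a fixed
 * XNN_MAX_TENSOR_DIMS array (static_slice, copy ops, batch matmul); too few
 * dims reads a nonexistent dim[k] or underflows dim[num_dims - k]
 * (blockwise quant needs >= 2, rope >= 3, resize_bilinear >= 4). */
static enum status check_num_dims(size_t num_dims, size_t min_dims) {
  if (num_dims < min_dims || num_dims > XNN_MAX_TENSOR_DIMS) {
    return status_invalid_parameter;
  }
  return status_success;
}

/* Unchecked form of the static_slice bug: num_dims is trusted, so a caller
 * passing 10 writes 80 bytes into a 48-byte stack array. Kept only to show
 * the defect; this file never calls it with num_dims > 6. */
static int64_t sum_offsets_unchecked(size_t num_dims, const int64_t* offsets) {
  int64_t signed_offsets[XNN_MAX_TENSOR_DIMS];
  for (size_t i = 0; i < num_dims; i++) {
    signed_offsets[i] = offsets[i];  /* out-of-bounds stack write once i >= 6 */
  }
  int64_t sum = 0;
  for (size_t i = 0; i < num_dims; i++) sum += signed_offsets[i];
  return sum;
}

/* Fixed form: reject before the local array is touched. */
static enum status sum_offsets_checked(size_t num_dims, const int64_t* offsets,
                                       int64_t* out_sum) {
  enum status s = check_num_dims(num_dims, 1);
  if (s != status_success) return s;
  int64_t signed_offsets[XNN_MAX_TENSOR_DIMS];
  memcpy(signed_offsets, offsets, num_dims * sizeof(int64_t));  /* <= 48 bytes now */
  int64_t sum = 0;
  for (size_t i = 0; i < num_dims; i++) sum += signed_offsets[i];
  *out_sum = sum;
  return status_success;
}

/* Fixed form of the "reads dim[0..3]" bug: require 4 dims before indexing. */
static enum status resize_bilinear_checked(const struct shape* in,
                                           size_t* out_batch, size_t* out_channels) {
  enum status s = check_num_dims(in->num_dims, 4);
  if (s != status_success) return s;
  *out_batch = in->dim[0];
  *out_channels = in->dim[3];
  return status_success;
}

/* Fixed form of the "dim[num_dims - 3]" bug: with size_t, 2 - 3 wraps to
 * SIZE_MAX, so the minimum must be enforced before the subtraction. */
static enum status rope_checked(const struct shape* in, size_t* out_tokens) {
  enum status s = check_num_dims(in->num_dims, 3);
  if (s != status_success) return s;
  *out_tokens = in->dim[in->num_dims - 3];
  return status_success;
}

/* Fixed form of the copy-op memcpy: bound the copy into the fixed dim array. */
static enum status copy_new_shape_checked(size_t num_dims, const size_t* new_shape,
                                          struct shape* out) {
  enum status s = check_num_dims(num_dims, 1);
  if (s != status_success) return s;
  out->num_dims = num_dims;
  memcpy(out->dim, new_shape, num_dims * sizeof(size_t));
  return status_success;
}

/* Bytes the unchecked loop writes past the buffer: (num_dims - 6) * 8,
 * i.e. 32 for num_dims = 10 as the commit message states. */
static size_t stack_overflow_bytes(size_t num_dims) {
  if (num_dims <= XNN_MAX_TENSOR_DIMS) return 0;
  return (num_dims - XNN_MAX_TENSOR_DIMS) * sizeof(int64_t);
}

int main(void) {
  const int64_t offsets[3] = {1, -2, 5};  /* constructed sample input */
  int64_t sum = 0;
  printf("checked, 3 dims: status=%d sum=%lld\n",
         (int)sum_offsets_checked(3, offsets, &sum), (long long)sum);
  printf("checked, 10 dims: status=%d (rejected, would overflow %zu bytes)\n",
         (int)sum_offsets_checked(10, offsets, &sum), stack_overflow_bytes(10));
  return 0;
}
```

The same check_num_dims call belongs at the top of every entry point that indexes a fixed-size dim array, not only in the functions the ASAN run happened to hit; the resize_bilinear case in the first commit is exactly what an earlier partial sweep missed.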