Use SafeInt for size arithmetic in CPU tensor operators to prevent overflow#28060
Open
Use SafeInt for size arithmetic in CPU tensor operators to prevent overflow#28060
Conversation
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
…tors SafeInt<size_t> cannot be implicitly converted in pointer addition or Eigen::Map constructor calls, causing ambiguous conversion errors. Explicitly cast to size_t after the overflow-checked computation.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Replace unchecked
int64_tsize/offset arithmetic withSafeInt<size_t>across several CPU operator implementations to prevent silent integer overflow when computing buffer offsets and allocation sizes.All changed expressions compute non-negative element counts or byte offsets used in pointer arithmetic,
memset,std::copy_n,std::fill_n, or allocator calls. On models with large tensor dimensions the intermediate products (e.g.,N * C * H * W) can overflowint64_tbefore the result is used. Wrapping the leading factor inSafeInt<size_t>()ensures every intermediate multiplication is overflow-checked and produces asize_tresult.Motivation and Context
Integer overflow in size calculations can lead to undersized allocations, out-of-bounds memory access, or incorrect pointer offsets — all of which are security-sensitive. This change hardens the affected code paths against such overflow.
Key Changes
core/providers/cpu/tensor/grid_sample.ccSafeInt<size_t>, chain all factors through SafeInt instead of parenthesized sub-expressionscore/providers/cpu/tensor/affine_grid.ccSafeInt<size_t>core/providers/cpu/tensor/upsample_antialias.hnarrow<size_t>(a * b)andstatic_cast<size_t>(a * b)withSafeInt<size_t>(a) * bfor temp buffer sizes, span extents, and copy countscore/providers/cpu/nn/tfidfvectorizer.ccmemsetbyte-count computation withSafeIntcore/providers/cpu/quantization/qlinearconv.ccAlloc()/MakeUniquePtrsize computation withSafeIntcore/providers/cpu/quantization/quantize_linear.ccSafeIntcore/providers/cpu/sequence/sequence_ops.ccSplitToSequenceoffset and copy-count computations withSafeIntTesting
Existing unit tests cover the functional behavior of all affected operators. The change is purely defensive — it makes previously unchecked arithmetic throw on overflow instead of silently wrapping, with no change to behavior for in-range inputs.