Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possible null pointer dereference in logging #6413

Open
apach301 opened this issue May 14, 2024 · 0 comments · May be fixed by #6415
Open

Possible null pointer dereference in logging #6413

apach301 opened this issue May 14, 2024 · 0 comments · May be fixed by #6415

Comments

@apach301
Copy link

apach301 commented May 14, 2024
edited

Hi,

I found some possible null pointer dereferences with Svace static analyzer.

  1. Possible dereference of NULL cache_provider in xnn_create_weights_cache_with_size():

    XNNPACK/src/runtime.c

    Lines 164 to 167 in f9bc6b4

    error:
    xnn_internal_release_weights_cache(cache_provider->context);
    return status;
    }

Bailing out occured with uninitialized cache_provider:

XNNPACK/src/runtime.c

Lines 131 to 143 in f9bc6b4

struct xnn_weights_cache_provider* cache_provider = NULL;
enum xnn_status status = xnn_status_uninitialized;
if ((xnn_params.init_flags & XNN_INIT_FLAG_XNNPACK) == 0) {
xnn_log_error("failed to create weights cache: XNNPACK is not initialized");
goto error;
}
cache_provider = xnn_allocate_zero_memory(sizeof(struct xnn_weights_cache_provider));
if (cache_provider == NULL) {
xnn_log_error("failed to allocate %zu bytes for weights cache provider descriptor", sizeof(struct xnn_weights_cache_provider));
goto error;
}

  1. Possible dereference of NULL resize_op in create_resize_bilinear2d_nhwc() during error logging:

    XNNPACK/src/operators/resize-bilinear-nhwc.c

    Lines 36 to 60 in f9bc6b4

    xnn_operator_t resize_op = NULL;
    enum xnn_status status = xnn_status_uninitialized;
    if ((xnn_params.init_flags & XNN_INIT_FLAG_XNNPACK) == 0) {
    xnn_log_error("failed to create %s operator: XNNPACK is not initialized",
    xnn_operator_type_to_string(operator_type));
    goto error;
    }
    status = xnn_status_invalid_parameter;
    if (output_width == 0 || output_height == 0) {
    xnn_log_error(
    "failed to reshape %s operator with %zux%zu output: output dimensions must be non-zero",
    xnn_operator_type_to_string(resize_op->type), output_width, output_height);
    return xnn_status_invalid_parameter;
    }
    if (max(output_width, output_height) >= 16777216) {
    xnn_log_error(
    "failed to reshape %s operator with %zux%zu output: output dimensions must be below 2**24",
    xnn_operator_type_to_string(resize_op->type), output_width, output_height);
    return xnn_status_unsupported_parameter;
    }
@apach301 apach301 linked a pull request May 14, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix logging errors apach301/XNNPACK
1 participant
@apach301