[CUDA] Add Validation of batch_indices in RoiAlign#27603
Conversation
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
onnxruntime/core/providers/cuda/object_detection/roialign_impl.cu
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Pull request overview
This PR addresses a security issue in the CUDA implementation of the RoiAlign operator by adding a device-side bounds check for batch_indices to prevent out-of-bounds reads when batch_indices contains invalid values.
Changes:
- Pass
batch_sizeinto the CUDA RoiAlign kernel and validatebatch_indiceson-device. - Update CUDA RoiAlign implementation signatures (
RoiAlignImpl/RoIAlignForward) to carry the new parameter. - Add CUDA-specific unit tests that verify invalid
batch_indicesproduce zero outputs instead of triggering unsafe reads.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| onnxruntime/core/providers/cuda/object_detection/roialign.cc | Passes batch_size (from X shape) into the CUDA implementation call. |
| onnxruntime/core/providers/cuda/object_detection/roialign_impl.h | Extends RoiAlignImpl API to accept batch_size. |
| onnxruntime/core/providers/cuda/object_detection/roialign_impl.cu | Adds device-side batch_indices range check inside the CUDA kernel. |
| onnxruntime/core/providers/cpu/object_detection/roialign.cc | Moves/retains explanatory comments around host-only validation logic. |
| onnxruntime/test/providers/cpu/object_detection/roialign_test.cc | Adds CUDA-focused tests for out-of-range and negative batch_indices. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
onnxruntime/core/providers/cuda/object_detection/roialign_impl.cu
Outdated
Show resolved
Hide resolved
onnxruntime/test/providers/cpu/object_detection/roialign_test.cc
Outdated
Show resolved
Hide resolved
onnxruntime/test/providers/cpu/object_detection/roialign_test.cc
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
onnxruntime/test/providers/cpu/object_detection/roialign_test.cc
Outdated
Show resolved
Hide resolved
onnxruntime/test/providers/cpu/object_detection/roialign_test.cc
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 5 out of 5 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
tianleiwu
changed the title
…n_cuda_validate_batch_indices
tianleiwu
deleted the
tlwu/20260309/roialign_cuda_validate_batch_indices
branch
Description
This PR implements a device-side bounds check for
batch_indicesin the RoiAlign CUDA operator. This is a follow-up to #27543, which fixed the same vulnerability in the CPU implementation.Previously, CheckROIAlignValidInput() only validated
batch_indiceswhen they were accessible on the host (CPU). For the CUDA EP,batch_indicesreside in GPU memory, so host-side validation would require an expensive GPU-to-CPU copy, which could also break CUDA graph capture.This change:
batch_sizefrom the host to the CUDA kernel.RoIAlignForwardkernel to ensure0 <= batch_index < batch_size.batch_indexis encountered, the kernel sets the output value for that specific RoI element to 0 and returns early for that thread.Impact
Validation
RoiAlignTestsuite.BatchIndicesOutOfRange_CUDAandBatchIndicesNegative_CUDAto verify that the CUDA provider correctly handles out-of-range batch indices.