Skip to content

Fix heap OOB read in SVMRegressor via attribute size validation#27901

Merged
vraspar merged 5 commits intomainfrom
vraspar/fix_svmregressor_oob_validation
Apr 6, 2026
Merged

Fix heap OOB read in SVMRegressor via attribute size validation#27901
vraspar merged 5 commits intomainfrom
vraspar/fix_svmregressor_oob_validation

Conversation

@vraspar
Copy link
Copy Markdown
Contributor

@vraspar vraspar commented Mar 30, 2026
edited
Loading

Add ORT_ENFORCE checks in the SVMRegressor constructor to validate that coefficients, support_vectors, and rho attribute array sizes are consistent with the declared n_supports dimension. Without this validation, a crafted model with undersized arrays causes the GEMM inner loop to read past buffer boundaries.

This mirrors the existing validation already present in SVMClassifier.

  • Validate rho is non-empty (accessed as rho_[0] in LINEAR mode, passed to GEMM as bias in SVC mode)
  • Validate coefficients.size() >= vector_count_ in SVC mode
  • Validate feature_count_ > 0 after support_vectors division
  • Add two unit tests for undersized coefficients and support_vectors

@vraspar
Fix heap OOB read in SVMRegressor via attribute size validation
546a70a 
Add ORT_ENFORCE checks in the SVMRegressor constructor to validate that
coefficients, support_vectors, and rho attribute array sizes are consistent
with the declared n_supports dimension. Without this validation, a crafted
model with undersized arrays causes the GEMM inner loop to read past buffer
boundaries.

This mirrors the existing validation already present in SVMClassifier.

- Validate rho is non-empty (accessed as rho_[0] in LINEAR mode, passed
  to GEMM as bias in SVC mode)
- Validate coefficients.size() >= vector_count_ in SVC mode
- Validate feature_count_ > 0 after support_vectors division
- Add two unit tests for undersized coefficients and support_vectors
@vraspar vraspar requested a review from Copilot March 30, 2026 19:01
Copilot AI reviewed Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR hardens the CPU ML SVMRegressor operator against crafted models by adding constructor-time attribute size validation to prevent heap out-of-bounds reads during the SVC/GEMM path, mirroring existing defensive checks in SVMClassifier.

Changes:

  • Add ORT_ENFORCE validations for rho, coefficients, and support_vectors sizing/consistency when n_supports > 0.
  • Ensure feature_count_ > 0 in SVC mode to avoid invalid derived dimensions from undersized support_vectors.
  • Add negative unit tests covering undersized coefficients and support_vectors attributes.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
onnxruntime/core/providers/cpu/ml/svmregressor.cc Adds attribute size/shape validation in SVMRegressor constructor to prevent OOB reads.
onnxruntime/test/providers/cpu/ml/svmregressor_test.cc Adds regression tests that assert failures for undersized model attributes.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@vraspar vraspar requested a review from justinchuby March 30, 2026 19:15
@vraspar
Update onnxruntime/core/providers/cpu/ml/svmregressor.cc
bc689aa 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@hariharans29 hariharans29 requested a review from Copilot March 30, 2026 19:58
Copilot AI reviewed Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@vraspar
Enforce support_vectors size is exact multiple of n_supports
35861be 
Address Copilot review: validate support_vectors_.size() % vector_count_ == 0
to catch malformed models where support_vectors is not evenly divisible by
n_supports, which would cause a debug-mode assert in batched_kernel_dot.
@vraspar vraspar requested a review from Copilot April 1, 2026 22:20
Copilot AI reviewed Apr 1, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

vraspar and others added 2 commits April 2, 2026 13:48
@vraspar
Update onnxruntime/test/providers/cpu/ml/svmregressor_test.cc
b2f1070 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@vraspar
Update onnxruntime/core/providers/cpu/ml/svmregressor.cc
ac84660 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@vraspar vraspar requested a review from hariharans29 April 3, 2026 21:14
@vraspar vraspar enabled auto-merge (squash) April 6, 2026 17:58
@vraspar vraspar merged commit 88266cc into main Apr 6, 2026
104 of 109 checks passed
@vraspar vraspar deleted the vraspar/fix_svmregressor_oob_validation branch April 6, 2026 18:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@hariharans29 hariharans29 hariharans29 approved these changes

@justinchuby justinchuby Awaiting requested review from justinchuby

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@vraspar @hariharans29