Skip to content

Fix heap OOB write in MaxPoolGrad via indices bounds validation#27903

Merged
vraspar merged 3 commits intomainfrom
vraspar/fix-maxpoolgrad-oob-write
Apr 16, 2026
Merged

Fix heap OOB write in MaxPoolGrad via indices bounds validation#27903
vraspar merged 3 commits intomainfrom
vraspar/fix-maxpoolgrad-oob-write

Conversation

@vraspar
Copy link
Copy Markdown
Contributor

@vraspar vraspar commented Mar 30, 2026

Description

MaxPoolGrad uses Indices tensor values as raw pointer offsets into the output buffer without bounds checking. A malicious model can supply arbitrary index values to write to arbitrary heap locations.

Fix: Validate each index is in [0, dX_size) before use via ORT_RETURN_IF, returning an error for out-of-range values.

@vraspar vraspar requested a review from Copilot March 30, 2026 20:44
Copilot AI reviewed Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR mitigates a heap out-of-bounds write vulnerability in the training MaxPoolGrad CPU kernel by validating Indices values before using them as offsets into the dX output buffer.

Changes:

  • Add per-element bounds checking for Indices in MaxPoolGrad to prevent OOB writes.
  • Add unit tests covering valid indices, boundary indices, and negative/overflow indices failure cases.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
orttraining/orttraining/training_ops/cpu/nn/pool_gradient_op.cc Adds bounds validation for index offsets prior to accumulating into dX.
orttraining/orttraining/test/training_ops/cpu/nn/pool_gradient_op_test.cc Adds regression tests validating correct behavior and erroring on out-of-range indices.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread orttraining/orttraining/training_ops/cpu/nn/pool_gradient_op.cc Outdated
@vraspar vraspar requested a review from Copilot March 30, 2026 21:01
Copilot AI reviewed Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread orttraining/orttraining/training_ops/cpu/nn/pool_gradient_op.cc Outdated
Comment thread orttraining/orttraining/test/training_ops/cpu/nn/pool_gradient_op_test.cc
@vraspar vraspar requested a review from Copilot April 1, 2026 22:11
Copilot AI reviewed Apr 1, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@vraspar vraspar requested a review from edgchen1 April 3, 2026 21:24
@vraspar vraspar mentioned this pull request Apr 3, 2026
Closed
@vraspar vraspar requested a review from tianleiwu April 9, 2026 21:23
@adrianlizarraga
Copy link
Copy Markdown
Contributor

adrianlizarraga commented Apr 10, 2026

qq: Do we have any CI that runs orttraining tests?

tianleiwu
tianleiwu approved these changes Apr 13, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@tianleiwu tianleiwu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed the current head. The CPU MaxPoolGrad bounds check is placed before the pointer arithmetic, preserves the existing dY/Indices shape invariant, and returns a diagnosable INVALID_ARGUMENT status for bad index values. The added CPU tests cover valid indices plus negative, too-large, last-valid, and first-invalid boundary cases. I did not find any blocking issues.

@vraspar vraspar enabled auto-merge (squash) April 13, 2026 20:40
@vraspar vraspar force-pushed the vraspar/fix-maxpoolgrad-oob-write branch from 445e6aa to a3dd913 Compare April 14, 2026 20:37
@vraspar
Copy link
Copy Markdown
Contributor Author

vraspar commented Apr 14, 2026

Rebased since PR #27930 is needed to pass the CI

@vraspar vraspar force-pushed the vraspar/fix-maxpoolgrad-oob-write branch from a3dd913 to f248dc7 Compare April 15, 2026 23:15
@vraspar vraspar merged commit 0e73535 into main Apr 16, 2026
96 checks passed
@vraspar vraspar deleted the vraspar/fix-maxpoolgrad-oob-write branch April 16, 2026 01:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@tianleiwu tianleiwu tianleiwu approved these changes

@edgchen1 edgchen1 Awaiting requested review from edgchen1

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@vraspar @adrianlizarraga @tianleiwu