ICM fixes (2/n)

[hariharans29]

Description

Fixes 3 ICM issues:

https://portal.microsofticm.com/imp/v5/incidents/details/31000000575344/summary
https://portal.microsofticm.com/imp/v5/incidents/details/31000000575473/summary
https://portal.microsofticm.com/imp/v5/incidents/details/31000000574999/summary

Motivation and Context

Fix ICMs

[github-actions]

You can commit the suggested changes from lintrunner.

[Copilot]

Pull request overview

This PR addresses multiple ICM-reported robustness issues by hardening input/format validation and preventing integer overflow in buffer sizing across CPU GRU, ORT flatbuffer initializer loading, and SparseAttention input checks.

Changes:

• Add SafeInt-based element count calculation to prevent buffer size overflow in DeepCpu GRU allocations, plus a regression test.
• Improve ORT flatbuffer initializer loading validation (missing dims, null string entries) and adjust tensor-size computation to return Status, plus new tests.
• Fix SparseAttention key_total_sequence_lengths shape check and add range validation, plus new unit tests.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
onnxruntime/test/providers/cpu/rnn/deep_cpu_gru_op_test.cc	Adds a regression test asserting overflow in buffer element count throws.
onnxruntime/test/flatbuffers/flatbuffer_utils_test.cc	Adds tests for rejecting invalid flatbuffer initializers (null string entry, missing dims with external data).
onnxruntime/test/contrib_ops/sparse_attention_op_test.cc	Adds unit tests for SparseAttention key_total_sequence_lengths shape/value validation.
onnxruntime/core/providers/cpu/rnn/deep_cpu_gru.h	Declares a helper to compute buffer element counts safely.
onnxruntime/core/providers/cpu/rnn/deep_cpu_gru.cc	Implements SafeInt-based buffer element count helper and uses it for allocations.
onnxruntime/core/graph/graph_flatbuffers_utils.cc	Makes fbs tensor byte-size computation return Status, adds null checks, and hardens initializer loading.
onnxruntime/contrib_ops/cpu/sparse/sparse_attention_helper.h	Fixes shape validation logic and adds per-batch value range checks for total key lengths.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.

Comments suppressed due to low confidence (1)

onnxruntime/core/graph/graph_flatbuffers_utils.cc:223

• GetSizeInBytesFromFbsTensor now returns Status, but it still uses SafeInt arithmetic (std::accumulate with SafeInt and later multiplication). SafeInt overflows throw OnnxRuntimeException (see core/common/safeint.h), which would bypass the Status return path and can terminate model loading unexpectedly. Consider catching SafeInt exceptions (or using a non-throwing checked-multiply helper) and returning an INVALID_ARGUMENT/FAIL Status when dims multiplication overflows (and optionally validating dims are non-negative).

Status GetSizeInBytesFromFbsTensor(const fbs::Tensor& tensor, size_t& size_in_bytes) {
  const auto* fbs_dims = tensor.dims();
  ORT_RETURN_IF(nullptr == fbs_dims, "Missing dimensions for tensor. Invalid ORT format model.");

  auto num_elements = std::accumulate(fbs_dims->cbegin(), fbs_dims->cend(), SafeInt<size_t>(1),
                                      std::multiplies<>());

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

You can commit the suggested changes from lintrunner.

[Copilot]

Pull request overview

Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.

Comments suppressed due to low confidence (1)

onnxruntime/core/graph/graph_flatbuffers_utils.cc:223

• GetSizeInBytesFromFbsTensor now returns Status, but it still uses SafeInt arithmetic (std::accumulate and num_elements * byte_size_of_one_element) that will throw OnnxRuntimeException on overflow. That breaks the function’s contract and can bypass the caller’s ORT_RETURN_IF_ERROR flow. Consider catching overflow exceptions inside this function and returning an INVALID_ARGUMENT/FAIL Status instead (e.g., using ORT_TRY/ORT_CATCH).

Status GetSizeInBytesFromFbsTensor(const fbs::Tensor& tensor, size_t& size_in_bytes) {
  const auto* fbs_dims = tensor.dims();
  ORT_RETURN_IF(nullptr == fbs_dims, "Missing dimensions for tensor. Invalid ORT format model.");

  auto num_elements = std::accumulate(fbs_dims->cbegin(), fbs_dims->cend(), SafeInt<size_t>(1),
                                      std::multiplies<>());

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

You can commit the suggested changes from lintrunner.

[Copilot]

Pull request overview

Copilot reviewed 10 out of 10 changed files in this pull request and generated no new comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.