fix out of boundary vector per class in SVM #27952
…xadupre/si-svm-111801
…xadupre/si-svm-111801
@copilot can you fix the build?
Agent-Logs-Url: https://github.com/microsoft/onnxruntime/sessions/58f8ec88-0ba4-486b-b848-2e0d18c81743 Co-authored-by: xadupre <22452781+xadupre@users.noreply.github.com>
Fixed in commit 2a1d2c6. The build errors were caused by type mismatches after changing
Pull request overview
This PR hardens the CPU ML SVMClassifier implementation against malformed models by adding validation around vectors_per_class sizing (to prevent potential out-of-bounds access), and adds a regression test to ensure the new validation triggers as expected.
Changes:
- Add a negative test ensuring undersized vectors_per_class fails with a clear error.
- Tighten SVMClassifier constructor validation and adjust internal indexing types to size_t.
- Minor refactoring of classifier scoring loops to use size_t indexing.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| onnxruntime/test/providers/cpu/ml/svmclassifier_test.cc | Adds regression coverage for undersized vectors_per_class. |
| onnxruntime/core/providers/cpu/ml/svmclassifier.h | Switches internal count/index member types to size_t. |
| onnxruntime/core/providers/cpu/ml/svmclassifier.cc | Adds dimension validation and updates indexing/types in constructor and compute path. |
tianleiwu left a comment
Review Summary
Solid security hardening for the SVM classifier. The key fix — validating vectors_per_class_.size() == class_count_ in SVC mode — correctly closes the out-of-bounds access from crafted models. The type migration from ptrdiff_t/int64_t to size_t for count/index members is appropriate and removes many redundant narrow<> casts.
Remaining issues are cosmetic. I agree with the open threads from the Copilot reviewer (duplicate proba_ check, grammar in error message, test naming). Those are all minor and can be addressed in a follow-up if desired.
LGTM.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@copilot resolve the merge conflicts in this pull request
Co-authored-by: Tianlei Wu <tlwu@microsoft.com>
@copilot resolve the merge conflicts in this pull request
…upport vectors Agent-Logs-Url: https://github.com/microsoft/onnxruntime/sessions/abbf25c4-c22f-43e1-b47d-87afa803e345 Co-authored-by: xadupre <22452781+xadupre@users.noreply.github.com>
# Conflicts: # onnxruntime/core/providers/cpu/ml/svmclassifier.cc # onnxruntime/test/providers/cpu/ml/svmclassifier_test.cc Co-authored-by: xadupre <22452781+xadupre@users.noreply.github.com>
Done in commit 93c09e3. Resolved two conflicts:
…xadupre/si-svm-111801
tianleiwu left a comment
Review Summary
Solid security hardening for the CPU ML SVMClassifier kernel. The key fix — validating vectors_per_class_.size() == class_count_ in SVC mode — directly closes the out-of-bounds access from crafted models. The type migration from ptrdiff_t to size_t is correct and simplifies downstream casts.
Minor notes (not in diff range):
- Nitpick: The ORT_ENFORCE(proba_.size() == probb_.size()); at line 42 is now duplicated — line 67 adds the same check with a better error message ("proba and probb must have the same size."). Consider removing the earlier version to keep a single source of truth.
Core fix is correct and well-targeted.
Verdict: APPROVE
Description
vector_per_class dimension was not verified; it could lead to illegal memory access.
Motivation and Context
security issue
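The class of check this PR describes, as an added stand-alone example (not code from the pull request or from onnxruntime): model-supplied per-class counts are validated before they are used to index support-vector storage. The `SvcAttrs` struct, `ValidateAndIndex`, the error strings, and the additional sum check against the support-vector count are assumptions that go beyond the size check named in the review.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Hypothetical stand-in for the attributes an SVC-mode model supplies.
struct SvcAttrs {
  std::size_t class_count;                 // number of class labels
  std::size_t feature_count;               // features per support vector
  std::vector<int64_t> vectors_per_class;  // untrusted, read from the model file
  std::vector<float> support_vectors;      // flattened [vector_count x feature_count]
};

// Fills `starts` with the first support-vector index of each class.
// Returns false and sets `err` when the attributes would let a per-class
// loop read past vectors_per_class or past the support-vector storage.
bool ValidateAndIndex(const SvcAttrs& a, std::vector<std::size_t>& starts, std::string& err) {
  starts.clear();
  if (a.feature_count == 0 || a.support_vectors.size() % a.feature_count != 0) {
    err = "support_vectors size is not a multiple of feature_count";
    return false;
  }
  const std::size_t vector_count = a.support_vectors.size() / a.feature_count;
  // The check the review highlights: one count per class, no fewer.
  if (a.vectors_per_class.size() != a.class_count) {
    err = "vectors_per_class must have one entry per class";
    return false;
  }
  std::size_t total = 0;  // invariant: total <= vector_count
  for (int64_t n : a.vectors_per_class) {
    // Reject negative counts and counts that overrun the remaining vectors;
    // comparing against the remainder also avoids overflow in the running sum.
    if (n < 0 || static_cast<uint64_t>(n) > vector_count - total) {
      err = "vectors_per_class entry is negative or exceeds the support vector count";
      return false;
    }
    starts.push_back(total);
    total += static_cast<std::size_t>(n);
  }
  if (total != vector_count) {
    err = "sum of vectors_per_class does not match the support vector count";
    return false;
  }
  return true;
}
```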