Improve SparseTensors public API input validation as well as sparse utilities #28227
yuslepukhin merged 7 commits into main from
Pull request overview
This PR hardens ONNX Runtime sparse tensor handling by adding stricter index/bounds validation (COO/CSR), switching key size computations to SafeInt, and improving Python sparse tensor views to keep backing memory alive when exposed to NumPy.
Changes:
- Add COO/CSR index validation in the C API entry points and sparse conversion utilities to reduce invalid access risk.
- Use `SafeInt` for index/byte-size calculations in sparse tensor proto unpacking and dense materialization paths.
- Update pybind sparse tensor/view methods so NumPy arrays keep the owning Python object alive.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| onnxruntime/core/session/onnxruntime_c_api.cc | Adds COO/CSR index validation for public C APIs (Fill*/Use*). |
| onnxruntime/core/framework/sparse_utils.cc | Adds additional bounds checks and overflow-safe index math in sparse-to-dense conversions. |
| onnxruntime/core/framework/tensorprotoutils.cc | Uses SafeInt for sparse proto raw-data size and dense buffer sizing. |
| onnxruntime/python/onnxruntime_pybind_sparse_tensor.cc | Fixes NumPy “base object” lifetime management for sparse indices/values views. |
| onnxruntime/test/shared_lib/test_nontensor_types.cc | Adds C API tests for invalid COO/CSR indices (exception builds). |
| onnxruntime/test/framework/sparse_kernels_test.cc | Adds model-loading + sparse_utils conversion tests for negative/out-of-range indices. |
Pull request overview
Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.
Pull request overview
Copilot reviewed 6 out of 6 changed files in this pull request and generated no new comments.
vraspar left a comment
Nice work on this security fix. The validation is thorough, SafeInt usage is correct, and the pybind11 lifetime fix is a real improvement.
Suggestion (follow-up): The COO index validation in FillSparseTensorCoo and UseCooIndices is nearly identical (~30 lines each), and same for the CSR validation pair. Not suggesting a change on this PR since keeping a security fix self-contained makes sense, but a follow-up to extract shared helpers like ValidateCooIndices()/ValidateCsrIndices() would prevent these from drifting apart over time.
Pull request overview
Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.
This pull request significantly improves the safety and robustness of sparse tensor handling in ONNX Runtime. The main focus is on adding thorough bounds checking and using safe integer arithmetic to prevent overflows and invalid memory accesses when working with sparse tensor indices. Additionally, the Python bindings for sparse tensors are refactored to ensure correct object lifetimes and memory management when exposing data to NumPy.
Sparse Tensor Index Validation and Safety
- onnxruntime_c_api.cc) and core conversion utilities, ensuring indices are within valid ranges and, for CSR, that outer indices are non-decreasing and within bounds.
- SafeInt for all index and size calculations to prevent integer overflows, especially when converting between types or computing dense tensor offsets.
Python Bindings Improvements
General Code Quality
- safeint.h to ensure SafeInt is available where needed.
These changes collectively make sparse tensor support in ONNX Runtime safer, more reliable, and easier to use from both C++ and Python.
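The COO/CSR index checks described above, sketched as an added example that is not code from this PR or from ONNX Runtime. The names `ValidateCooIndices`/`ValidateCsrIndices` follow the review suggestion; their bodies, the linear COO index form, the 2-D `rows` x `cols` shape, the standard CSR invariants and the plain overflow check standing in for `SafeInt` are assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>
#include <vector>

// Hypothetical helpers: illustrative bodies, not the project's implementation.
// Overflow-checked product of two non-negative dims (plain stand-in for SafeInt).
bool CheckedDenseSize(int64_t rows, int64_t cols, int64_t& out) {
  if (rows < 0 || cols < 0) return false;
  if (rows != 0 && cols > std::numeric_limits<int64_t>::max() / rows) return false;
  out = rows * cols;
  return true;
}

// COO with linear indices: every index must address an element of the dense shape.
bool ValidateCooIndices(const std::vector<int64_t>& indices, int64_t rows, int64_t cols) {
  int64_t dense_size = 0;
  if (!CheckedDenseSize(rows, cols, dense_size)) return false;
  for (int64_t idx : indices) {
    if (idx < 0 || idx >= dense_size) return false;  // negative or past the end
  }
  return true;
}

// CSR: inner = column index per value, outer = row start offsets (rows + 1 entries).
bool ValidateCsrIndices(const std::vector<int64_t>& inner, const std::vector<int64_t>& outer,
                        int64_t rows, int64_t cols) {
  if (rows < 0 || cols < 0) return false;
  const int64_t nnz = static_cast<int64_t>(inner.size());
  if (outer.size() != static_cast<size_t>(rows) + 1) return false;
  if (outer.front() != 0 || outer.back() != nnz) return false;  // assumed CSR invariants
  for (size_t i = 1; i < outer.size(); ++i) {
    if (outer[i] < outer[i - 1]) return false;  // must be non-decreasing
  }
  for (int64_t col : inner) {
    if (col < 0 || col >= cols) return false;  // column index outside the dense shape
  }
  return true;
}

int main() {
  // Constructed 3x4 sample: a valid CSR layout, and a COO index one past the end.
  const bool ok = ValidateCsrIndices({0, 3, 1}, {0, 2, 2, 3}, 3, 4) && !ValidateCooIndices({12}, 3, 4);
  return ok ? 0 : 1;
}
```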