@lucylq
Contributor

@lucylq lucylq commented Nov 4, 2025

Summary:

Check that out.nbytes() is at least as large as src.nbytes() to prevent copying beyond the range of src.

Also add a check on dtypes to make sure out and src dtypes are the same. Otherwise we may copy the wrong dtype without conversion.

The crash is a write-heap-buffer-overflow that occurs in the `torch::executor::native::copy_out` function. The root cause is that the `std::memcpy` operation in this function does not check if the destination buffer `out` is large enough to hold the data from the source tensor `src`. Specifically, the condition `internal::sizes_match_ignoring_leading_1s(out.sizes(), src.sizes())` checks if the sizes of `out` and `src` match, ignoring any leading dimensions of size 1 in `out`, but it does not guarantee that `out.nbytes()` is greater than or equal to `src.nbytes()`.

The patch fixes the crash by adding an additional check `out.nbytes() >= src.nbytes()` before performing the `std::memcpy` operation. This ensures that the destination buffer `out` is large enough to hold the data from `src`, preventing the buffer overflow.

```cpp
if (internal::sizes_match_ignoring_leading_1s(out.sizes(), src.sizes()) &&
    src.numel() > 0 && out.nbytes() >= src.nbytes()) {
  std::memcpy(out.mutable_data_ptr(), src.const_data_ptr(), src.nbytes());
}
```

Other considerations that reviewers should take into account when validating the patch include verifying that the additional check does not introduce any performance regressions and that it correctly handles edge cases, such as when src is empty or when out and src have different data types. Reviewers should also check that the patch does not affect the functionality of the copy_out function in other scenarios. Additionally, it is worth verifying that the fix is consistent with the existing error handling and checking mechanisms in the copy_out function.

NOTE: This diff is entirely auto-generated by an LLM-based patch generator.
Reviewer should carefully examine this diff as Lionhead does not guarantee the
correctness of the patch beyond fixing the crash and passing existing tests.
Please commandeer this diff and revise as needed. Our bot does not respond to
comments or revision requests (yet).

Differential Revision: D80885980
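A constructed C++ model of the guard this PR changes, added here as an example and not code from the PR or from ExecuTorch: a minimal tensor stand-in, an assumed implementation of `sizes_match_ignoring_leading_1s`, and the pre-patch versus patched fast-path condition, showing that a same-shape `out` with a narrower dtype passes the old guard (and would be overflowed by the raw `memcpy`) but is refused by the new one.

```cpp
#include <cstdint>
#include <cstring>
#include <vector>

// Stand-in for a dense, contiguous tensor (assumption, not ExecuTorch's API);
// elem_size models the dtype: 4 for float, 1 for int8.
struct Tensor {
  std::vector<int64_t> sizes;
  size_t elem_size;
  std::vector<uint8_t> storage;  // backing buffer sized to exactly nbytes()
  size_t numel() const { size_t n = 1; for (int64_t s : sizes) n *= (size_t)s; return n; }
  size_t nbytes() const { return numel() * elem_size; }
};

Tensor make_tensor(const std::vector<int64_t>& sizes, size_t elem_size) {
  Tensor t{sizes, elem_size, {}};
  t.storage.assign(t.nbytes(), 0);
  return t;
}

// Assumed semantics of the shape predicate the PR relies on: shapes agree once
// leading dimensions of size 1 are dropped from each side.
bool sizes_match_ignoring_leading_1s(const std::vector<int64_t>& a,
                                     const std::vector<int64_t>& b) {
  size_t ia = 0, ib = 0;
  while (ia < a.size() && a[ia] == 1) ++ia;
  while (ib < b.size() && b[ib] == 1) ++ib;
  if (a.size() - ia != b.size() - ib) return false;
  for (size_t k = 0; k < a.size() - ia; ++k)
    if (a[ia + k] != b[ib + k]) return false;
  return true;
}

// Pre-patch guard: true means a raw memcpy of src.nbytes() is issued even into a smaller out.
bool fast_path_before(const Tensor& out, const Tensor& src) {
  return sizes_match_ignoring_leading_1s(out.sizes, src.sizes) && src.numel() > 0;
}

// Patched guard: also bound the copy by out's capacity and require equal dtypes.
bool fast_path_after(const Tensor& out, const Tensor& src) {
  return fast_path_before(out, src) && out.nbytes() >= src.nbytes() &&
         out.elem_size == src.elem_size;
}

// Copy under the patched guard; returns bytes copied, 0 if the fast path refused.
size_t copy_out_checked(Tensor& out, const Tensor& src) {
  if (!fast_path_after(out, src)) return 0;
  std::memcpy(out.storage.data(), src.storage.data(), src.nbytes());
  return src.nbytes();
}
```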

@pytorch-bot

pytorch-bot bot commented Nov 4, 2025

🔗 Helpful Links

🧪 See artifacts and rendered test results at hud.pytorch.org/pr/pytorch/executorch/15584

Note: Links to docs will display an error until the docs builds have been completed.

❌ 2 New Failures, 4 Unrelated Failures

As of commit cec4b7b with merge base 2f4ad68:

NEW FAILURES - The following jobs have failed:

BROKEN TRUNK - The following jobs failed but were present on the merge base:

👉 Rebase onto the `viable/strict` branch to avoid these failures

This comment was automatically generated by Dr. CI and updates every 15 minutes.

@meta-codesync

meta-codesync bot commented Nov 4, 2025

@lucylq has exported this pull request. If you are a Meta employee, you can view the originating Diff in D80885980.

@meta-cla meta-cla bot added the CLA Signed label Nov 4, 2025
@github-actions

github-actions bot commented Nov 4, 2025

This PR needs a release notes: label

If your change should be included in the release notes (i.e. would users of this library care about this change?), please use a label starting with release notes:. This helps us keep track and include your important work in the next release notes.

To add a label, you can comment to pytorchbot, for example
@pytorchbot label "release notes: none"

For more information, see
https://github.com/pytorch/pytorch/wiki/PyTorch-AutoLabel-Bot#why-categorize-for-release-notes-and-how-does-it-work.

@lucylq lucylq mentioned this pull request Nov 5, 2025
@lucylq lucylq requested a review from JacobSzwejbka November 5, 2025 17:33
// non-empty
if (internal::sizes_match_ignoring_leading_1s(out.sizes(), src.sizes()) &&
src.numel() > 0) {
src.numel() > 0 && out.nbytes() >= src.nbytes() &&
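Review bot: the replacement line ends in a trailing `&&`, so the guard's final operand is outside this excerpt; the summary says a dtype-equality check was added, and the reviewer should confirm that operand is present, because `out.nbytes() >= src.nbytes()` alone still lets a same-shape `out` with a wider dtype take a raw byte copy of `src` without conversion (the case the summary calls "copy the wrong dtype without conversion"). Once shapes match ignoring leading 1s and dtypes are equal, the two byte counts are necessarily equal, so the `>=` serves as a capacity bound against the reported overflow rather than as the condition that routes mixed-dtype inputs to the else branch.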
Contributor


@manuelcandales If numel are equal but nbytes isn't, then should we be promoting the dtype here? I'm not actually sure what copy_ does for mixed dtype?

Contributor Author


@JacobSzwejbka If nbytes isn't equal, it should go into the else statement, which I think handles different dtypes.

lucylq added a commit to lucylq/executorch-1 that referenced this pull request Nov 6, 2025
Summary:

Also add a check on dtypes to make sure out and src dtypes are the same. Otherwise we may copy the wrong dtype without conversion.

And fix the same issue in copy_
---

The crash is a write-heap-buffer-overflow that occurs in the `torch::executor::native::copy_out` function. The root cause is that the `std::memcpy` operation in this function does not check if the destination buffer `out` is large enough to hold the data from the source tensor `src`. Specifically, the condition `internal::sizes_match_ignoring_leading_1s(out.sizes(), src.sizes())` checks if the sizes of `out` and `src` match, ignoring any leading dimensions of size 1 in `out`, but it does not guarantee that `out.nbytes()` is greater than or equal to `src.nbytes()`.

The patch fixes the crash by adding an additional check `out.nbytes() >= src.nbytes()` before performing the `std::memcpy` operation. This ensures that the destination buffer `out` is large enough to hold the data from `src`, preventing the buffer overflow.

```cpp
if (internal::sizes_match_ignoring_leading_1s(out.sizes(), src.sizes()) &&
    src.numel() > 0 && out.nbytes() >= src.nbytes()) {
  std::memcpy(out.mutable_data_ptr(), src.const_data_ptr(), src.nbytes());
}
```

Other considerations that reviewers should take into account when validating the patch include verifying that the additional check does not introduce any performance regressions and that it correctly handles edge cases, such as when `src` is empty or when `out` and `src` have different data types. Reviewers should also check that the patch does not affect the functionality of the `copy_out` function in other scenarios. Additionally, it is worth verifying that the fix is consistent with the existing error handling and checking mechanisms in the `copy_out` function.

NOTE: This diff is entirely auto-generated by an LLM-based patch generator.
Reviewer should carefully examine this diff as Lionhead does not guarantee the
correctness of the patch beyond fixing the crash and passing existing tests.
Please commandeer this diff and revise as needed. Our bot does not respond to
comments or revision requests (yet).

Differential Revision: D80885980

Reviewed By: JacobSzwejbka

Differential Revision: D80885980
@meta-codesync meta-codesync bot merged commit 652cc5a into pytorch:main Nov 11, 2025
139 of 146 checks passed
@lucylq
Contributor Author

lucylq commented Nov 12, 2025

@pytorchbot cherry-pick --onto release/1.0 -c critical

pytorchbot pushed a commit that referenced this pull request Nov 12, 2025
Differential Revision: D80885980

Pull Request resolved: #15584

(cherry picked from commit 652cc5a)
@pytorchbot
Collaborator

Cherry picking #15584

The cherry pick PR is at #15784 and it is recommended to link a critical cherry pick PR with an issue. The following tracker issues are updated:



Labels: CLA Signed, fb-exported, meta-exported
