Skip to content

Arm backend: Fix integer overflow in VGFBackend IO size computation#19256

Merged
lucylq merged 1 commit into
mainfrom
security27-fix-overflows-arm
May 12, 2026
Merged

Arm backend: Fix integer overflow in VGFBackend IO size computation#19256
lucylq merged 1 commit into
mainfrom
security27-fix-overflows-arm

Conversation

@lucylq
Copy link
Copy Markdown
Contributor

@lucylq lucylq commented May 1, 2026
edited by pytorch-bot Bot
Loading

Replace std::accumulate with std::multiplies<>() with an explicit loop using c10::mul_overflows() to detect overflow before each multiplication. The previous code would silently wrap on overflow, producing an undersized memcpy size that could lead to out-of-bounds reads/writes when copying tensor data to/from Vulkan device memory.

Also reject negative dimensions before casting to size_t.

This PR was authored with the assistance of Claude.

cc @digantdesai @freddan80 @per @zingo @oscarandersson8218 @mansnils @Sebastian-Larsson @robell

@pytorch-bot
Copy link
Copy Markdown

pytorch-bot Bot commented May 1, 2026
edited
Loading

🔗 Helpful Links

🧪 See artifacts and rendered test results at hud.pytorch.org/pr/pytorch/executorch/19256

Note: Links to docs will display an error until the docs builds have been completed.

❗ 1 Active SEVs

There are 1 currently active SEVs. If your PR is affected, please view them below:

✅ No Failures

As of commit e0be5f8 with merge base 02f9866 (image):
💚 Looks good so far! There are no failures yet. 💚

This comment was automatically generated by Dr. CI and updates every 15 minutes.

@meta-cla meta-cla Bot added the CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed. label May 1, 2026
@github-actions github-actions Bot added ciflow/trunk module: arm Issues related to arm backend labels May 1, 2026
@lucylq
Copy link
Copy Markdown
Contributor Author

lucylq commented May 1, 2026

@claude review

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 1, 2026

This PR needs a release notes: label

If your change should be included in the release notes (i.e. would users of this library care about this change?), please use a label starting with release notes:. This helps us keep track and include your important work in the next release notes.

To add a label, you can comment to pytorchbot, for example
@pytorchbot label "release notes: none"

For more information, see
https://github.com/pytorch/pytorch/wiki/PyTorch-AutoLabel-Bot#why-categorize-for-release-notes-and-how-does-it-work.

@claude
Copy link
Copy Markdown

claude Bot commented May 1, 2026
edited
Loading

Claude finished @lucylq's task in 1m 6s —— View job

Code Review: Fix integer overflow in VGFBackend IO size computation

  • Read the changed file and understand the context
  • Analyze the overflow fix implementation
  • Post review feedback

Overall: This is a solid security fix. The approach of using c10::mul_overflows with an explicit loop correctly detects overflow before each multiplication, and rejecting negative dimensions prevents signed-to-unsigned conversion issues. The error messages are clear and actionable.

Minor issues:

  1. <numeric> is now unused (backends/arm/runtime/VGFBackend.cpp:10). After removing std::accumulate, this include is dead. Consider removing it.
    Fix this →

  2. Duplicated logic for input/output loops (lines 195–206 and 240–251). The two size-computation blocks are identical. This is fine for a security fix PR — extracting a helper would change the scope. Just noting for future reference.

  3. Edge case: empty io->size vector (scalar tensor). If io->size is empty, the loop body never executes and io_size remains io->elt_size. This is correct — a scalar tensor should copy exactly one element — so no issue here, just confirming the behavior is intentional.

  4. Edge case: zero dimension. If any dimension is 0, io_size becomes 0, and memcpy(..., 0) is a no-op. This is well-defined behavior, so no concern.

Looks good to merge. The only actionable item is the stale <numeric> include — trivial to clean up now or later.

@lucylq lucylq force-pushed the security27-fix-overflows-arm branch 2 times, most recently from 37857e0 to 512c1e4 Compare May 11, 2026 18:37
@lucylq lucylq marked this pull request as ready for review May 11, 2026 18:47
@lucylq lucylq requested a review from digantdesai as a code owner May 11, 2026 18:47
Copilot AI review requested due to automatic review settings May 11, 2026 18:47
Copilot AI reviewed May 11, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR hardens VGFBackend’s IO buffer-size computation by adding explicit overflow checking and rejecting negative dimensions, preventing silent wraparound that could lead to incorrect memcpy sizes and potential out-of-bounds memory access when transferring tensor data to/from mapped Vulkan memory.

Changes:

  • Replaced std::accumulate(..., std::multiplies<>()) with an explicit loop using c10::mul_overflows() to detect multiplication overflow.
  • Added validation to reject negative IO dimensions before casting to size_t.
  • Updated includes to support safe numerics and PRId64 formatting.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread backends/arm/runtime/VGFBackend.cpp
Comment on lines +8 to +12
#include <cinttypes>
#include <list>
#include <numeric>
using namespace std;

#include <c10/util/safe_numerics.h>
Comment thread backends/arm/runtime/VGFBackend.cpp Outdated
*/

#include <cinttypes>
#include <list>
Comment thread backends/arm/runtime/VGFBackend.cpp
Comment on lines +195 to +206
size_t io_size = io->elt_size;
for (int64_t dim : io->size) {
ET_CHECK_OR_RETURN_ERROR(
dim >= 0,
InvalidArgument,
"Negative dimension in IO size: %" PRId64,
dim);
ET_CHECK_OR_RETURN_ERROR(
!c10::mul_overflows(io_size, static_cast<size_t>(dim), &io_size),
InvalidArgument,
"Overflow computing IO buffer size");
}
Arm backend: Fix integer overflow in VGFBackend IO size computation
e0be5f8 
Replace std::accumulate with std::multiplies<>() with an explicit loop
using c10::mul_overflows() to detect overflow before each multiplication.
The previous code would silently wrap on overflow, producing an
undersized memcpy size that could lead to out-of-bounds reads/writes
when copying tensor data to/from Vulkan device memory.

Also reject negative dimensions before casting to size_t.

Addresses TOB-EXECUTORCH-27.

This PR was authored with the assistance of Claude.
@lucylq lucylq force-pushed the security27-fix-overflows-arm branch from 512c1e4 to e0be5f8 Compare May 11, 2026 22:17
@lucylq lucylq merged commit 84f39aa into main May 12, 2026
557 of 560 checks passed
@lucylq lucylq deleted the security27-fix-overflows-arm branch May 12, 2026 16:07
usamahz pushed a commit to usamahz/executorch that referenced this pull request May 13, 2026
@lucylq @usamahz
Arm backend: Fix integer overflow in VGFBackend IO size computation (p…
22da9cf 
…ytorch#19256)

Replace std::accumulate with std::multiplies<>() with an explicit loop
using c10::mul_overflows() to detect overflow before each
multiplication. The previous code would silently wrap on overflow,
producing an undersized memcpy size that could lead to out-of-bounds
reads/writes when copying tensor data to/from Vulkan device memory.

Also reject negative dimensions before casting to size_t.

This PR was authored with the assistance of Claude.

cc @digantdesai @freddan80 @per @zingo @oscarandersson8218 @mansnils
@Sebastian-Larsson @robell

Co-authored-by: Github Executorch <github_executorch@arm.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@digantdesai digantdesai digantdesai approved these changes

@JacobSzwejbka JacobSzwejbka JacobSzwejbka approved these changes

Assignees

No one assigned

Labels

ciflow/trunk CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed. module: arm Issues related to arm backend

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@lucylq @digantdesai @JacobSzwejbka