Skip to content

Commit b5c3a17

Browse files
OctavianGuzupytorchmergebot
authored andcommitted
[fuzzing result][fuzz_torch_jit_lite_interpreter] read-heap-buffer-overflow-far-from-bounds (size 4) in c10::IValue::IValue() (#110441)
Summary: This diff fixes a heap underflow found by fuzzing in torch/csrc/jit/runtime/vararg_functions.cpp Test Plan: CI and ``` arc lionhead crash reproduce 1753074381791061 ``` doesn't crash anymore. Differential Revision: D49537535 Pull Request resolved: #110441 Approved by: https://github.com/Skylion007
1 parent da63c7f commit b5c3a17

File tree

1 file changed

+3
-0
lines changed

1 file changed

+3
-0
lines changed

Diff for: torch/csrc/jit/runtime/vararg_functions.cpp

+3
Original file line numberDiff line numberDiff line change
@@ -267,6 +267,9 @@ void listUnpack(Stack& stack, size_t num_outputs) {
267267
}
268268

269269
void tupleConstruct(Stack& stack, size_t num_inputs) {
270+
if (num_inputs > stack.size()) {
271+
TORCH_CHECK(false, "Invalid number of inputs: ", num_inputs);
272+
}
270273
switch (num_inputs) {
271274
case 0:
272275
stack.emplace_back(c10::ivalue::Tuple::create());

0 commit comments

Comments
 (0)