Skip to content
Permalink
Browse files Browse the repository at this point in the history
Fix tf.raw_ops.TensorSummaryV2 vulnerability with invalid serialized_…
…summary_metadata.

Check that input is actually a scalar before treating it as such.

PiperOrigin-RevId: 445197183
  • Loading branch information
poulsbo authored and tensorflower-gardener committed Apr 28, 2022
1 parent 263ad6a commit 290bb05
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions tensorflow/core/kernels/summary_tensor_op.cc
Expand Up @@ -36,6 +36,10 @@ class SummaryTensorOpV2 : public OpKernel {
errors::InvalidArgument("tag must be scalar"));
const Tensor& tensor = c->input(1);
const Tensor& serialized_summary_metadata_tensor = c->input(2);
OP_REQUIRES(
c,
TensorShapeUtils::IsScalar(serialized_summary_metadata_tensor.shape()),
errors::InvalidArgument("serialized_summary_metadata must be scalar"));

Summary s;
Summary::Value* v = s.add_value();
Expand Down

0 comments on commit 290bb05

Please sign in to comment.