Fix empty resource handle vulnerability.

Some ops that attempt to extract a resource handle from user input can lead to nullptr dereferences. This returns an error in such a case. PiperOrigin-RevId: 445571938
tensorflow · May 4, 2022 · 295ffc9 · 295ffc9
1 parent c112f65
commit 295ffc9
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/tensorflow/core/common_runtime/eager/execute.cc b/tensorflow/core/common_runtime/eager/execute.cc
@@ -303,6 +303,9 @@ Status GetDeviceForInput(const EagerContext& ctx, TensorHandle* tensor_handle,
     const Tensor* tensor;
     // TODO(fishx): Avoid blocking here.
     TF_RETURN_IF_ERROR(tensor_handle->Tensor(&tensor));
+    if (tensor->NumElements() == 0) {
+      return errors::InvalidArgument("Empty resource handle");
+    }
     const ResourceHandle& handle = tensor->flat<ResourceHandle>()(0);
     device_name = handle.device();