Skip to content

Commit

Permalink
Fix tf.raw_ops.DepthwiseConv2dNativeBackpropInput vulnerability with …
Browse files Browse the repository at this point in the history 
…large input sizes.

Use AddDimWithStatus rather than AddDim in order to catch and report integer overflow gracefully.

PiperOrigin-RevId: 444989983
  • Loading branch information
@poulsbo @tensorflower-gardener
poulsbo authored and tensorflower-gardener committed Apr 27, 2022
1 parent 8f704c5 commit 3796cc4
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions tensorflow/core/kernels/depthwise_conv_grad_op.cc
View file
Expand Up @@ -625,7 +625,7 @@ class DepthwiseConv2dNativeBackpropInputOp : public OpKernel {
OP_REQUIRES(context, in_sizes_data[i] >= 0,
errors::InvalidArgument("Dimension ", i,
" of input_sizes must be >= 0"));
input_shape.AddDim(in_sizes_data[i]);
OP_REQUIRES_OK(context, input_shape.AddDimWithStatus(in_sizes_data[i]));
}
const TensorShape& filter_shape = filter.shape();
EXTRACT_AND_VERIFY_DIMENSIONS("DepthwiseConv2DBackpropInput");
Expand Down Expand Up @@ -1131,7 +1131,8 @@ class DepthwiseConv2dNativeBackpropFilterOp : public OpKernel {
OP_REQUIRES(context, filter_sizes_data[i] >= 0,
errors::InvalidArgument("Dimension ", i,
" of filter_sizes must be >= 0"));
filter_shape.AddDim(filter_sizes_data[i]);
OP_REQUIRES_OK(context,
filter_shape.AddDimWithStatus(filter_sizes_data[i]));
}
const TensorShape& input_shape = input.shape();
Expand Down

0 comments on commit 3796cc4

Please sign in to comment.