Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

segfault in tf.image.crop_and_resize when boxes contains large value #42129

Closed
DNXie opened this issue Aug 7, 2020 · 7 comments · Fixed by #42143
Closed

segfault in tf.image.crop_and_resize when boxes contains large value #42129

DNXie opened this issue Aug 7, 2020 · 7 comments · Fixed by #42143
Assignees
Labels
comp:ops OPs related issues TF 2.2 Issues related to TF 2.2 type:bug Bug

Comments

@DNXie
Copy link

DNXie commented Aug 7, 2020

Please make sure that this is a bug. As per our
GitHub Policy,
we only address code/doc bugs, performance issues, feature requests and
build/installation issues on GitHub. tag:bug_template

System information

  • Have I written custom code (as opposed to using a stock example script provided in TensorFlow): No
  • OS Platform and Distribution (e.g., Linux Ubuntu 16.04): Linux Ubuntu 18.04
  • Mobile device (e.g. iPhone 8, Pixel 2, Samsung Galaxy) if the issue happens on mobile device: N/A
  • TensorFlow installed from (source or binary): binary
  • TensorFlow version (use command below): v2.2.0-rc4-8-g2b96f3662b 2.2.0
  • Python version: 3.6.9
  • Bazel version (if compiling from source): N/A
  • GCC/Compiler version (if compiling from source): N/A
  • CUDA/cuDNN version: N/A
  • GPU model and memory: N/A

Describe the current behavior
tf.image.crop_and_resize segfault when there is a very large value in boxes. Can also be reproduced in nightly version

Describe the expected behavior
Expect no segfault
Standalone code to reproduce the issue

import tensorflow as tf
tf.image.crop_and_resize(image=tf.zeros((2,1,1,1)), boxes=[[1.0e+40, 0,0,0]], box_indices=[1], crop_size=[1,1])

Other info / logs Include any logs or source code that would be helpful to
diagnose the problem. If including tracebacks, please include the full
traceback. Large logs and files should be attached.

Segmentation fault (core dumped)
@yongtang
Copy link
Member

yongtang commented Aug 8, 2020

Added a PR #42143 for the fix.

@ravikyram ravikyram added comp:ops OPs related issues TF 2.2 Issues related to TF 2.2 labels Aug 8, 2020
@google-ml-butler
Copy link

Are you satisfied with the resolution of your issue?
Yes
No

copybara-service bot pushed a commit that referenced this issue Oct 20, 2020
The issues have been fixed already and will land in next TF release.

PiperOrigin-RevId: 338160244
Change-Id: Ia275845f970b380331ee8a00b0619f5119730d66
@lvyuqi
Copy link

lvyuqi commented Apr 9, 2021

Does this issue affect the 1.15.5 version?
Corresponding CVE Vulnerability CVE-2020-15266

@mihaimaruseac
Copy link
Collaborator

Yes, but being low severity and given that patching 1.15 and 2.0 is extremely expensive we no longer patched it.

Recommendation is to update past 2.1

@mgmm13
Copy link

mgmm13 commented Sep 2, 2021

Hello, is there any chance that vulnerability fix will be applied in versions like 2.3.4?

@mihaimaruseac
Copy link
Collaborator

Hi. Not in 2.3.4, as the 2.3.x has reached end of life.

It is already included in 2.4.0 and later

@mgmm13
Copy link

mgmm13 commented Sep 3, 2021

@mihaimaruseac noted on this, thank you for the feedback.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
comp:ops OPs related issues TF 2.2 Issues related to TF 2.2 type:bug Bug
Projects
None yet
Development

Successfully merging a pull request may close this issue.

6 participants