Skip to content

Guard MlasConvPrepare working-buffer products with SafeInt#29444

Open
apsonawane wants to merge 3 commits into
mainfrom
asonawane/edge-2
Open

Guard MlasConvPrepare working-buffer products with SafeInt#29444
apsonawane wants to merge 3 commits into
mainfrom
asonawane/edge-2

Conversation

@apsonawane

Copy link
Copy Markdown
Contributor

This pull request strengthens the safety of arithmetic operations in the convolution implementation by using SafeInt to prevent integer overflows, especially in cases where tensor shapes may be attacker-controlled. It also removes some compiler-specific warning pragmas that are no longer needed due to these changes.

Enhanced integer safety in convolution calculations:

  • Replaced raw size_t multiplications with SafeInt<size_t> for calculating input/output sizes and kernel dimensions, ensuring that any arithmetic overflow is caught and handled appropriately. This is particularly important for preventing security vulnerabilities from attacker-controlled tensor shapes. [1] [2]
  • Used SafeInt<size_t> for all working buffer size calculations, including those involving thread counts and batch/group products, to prevent buffer overflows and ensure correct memory allocation. [1] [2]

Code cleanup and maintenance:

  • Removed MSVC-specific warning suppression pragmas since SafeInt now guards against arithmetic overflow, making these warnings obsolete. [1] [2]
  • Added the core/common/safeint.h include to provide access to the SafeInt functionality.

MlasConvPrepare computed the im2col working-buffer size as raw size_t
multiplies of attacker-controlled tensor shape factors (OutputSize * K,
and the thread-partition product TargetThreadCount *
MLAS_CONV_WORKING_BUFFER_SIZE_PER_THREAD). The MSVC C26451
arithmetic-overflow lint that flags exactly this class was suppressed
by #pragma warning(disable : 26451) rather than the arithmetic being
guarded. On wrap, the CPU EP allocates a small working buffer and
MlasConvIm2Col then writes the full unwrapped count of floats past it
-- heap-buffer-overflow WRITE. Per-tensor element counts are already
SafeInt-checked, but the product across tensors was not.

Fix: accumulate dim products via SafeInt<size_t> and compute the final
working-buffer size with SafeInt-guarded multiplies. SafeInt throws on
overflow; the caller propagates as Status failure. Also guards the
adjacent BatchCount * GroupCount product. Removes the C26451
suppression block.

Adds #include "core/common/safeint.h" (already used elsewhere in
core/mlas/lib).

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR hardens MLAS convolution preparation (MlasConvPrepare) against size_t overflow by moving several shape-dependent products into SafeInt<size_t> computations, and adds unit tests that validate overflow cases throw rather than silently producing wrapped sizes.

Changes:

  • Switched InputSize, OutputSize, and K accumulation in MlasConvPrepare to SafeInt<size_t> and materialized them as size_t only after checked multiplication.
  • Guarded working-buffer element-count products (OutputSize * K, TargetThreadCount * per_thread) using SafeInt<size_t>.
  • Added a new unit test file that constructs overflow-inducing shapes and validates exception behavior.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File Description
onnxruntime/core/mlas/lib/convolve.cpp Uses SafeInt<size_t> to validate shape-derived products and working-buffer size calculations in MlasConvPrepare.
onnxruntime/test/mlas/unittest/test_conv_prepare_safeint.cpp Adds gtest coverage to ensure overflow cases throw (instead of wrapping) and that small “happy path” inputs still work.

Comment thread onnxruntime/core/mlas/lib/convolve.cpp
Comment thread onnxruntime/test/mlas/unittest/test_conv_prepare_safeint.cpp Outdated
Comment thread onnxruntime/test/mlas/unittest/test_conv_prepare_safeint.cpp Outdated
Comment thread onnxruntime/test/mlas/unittest/test_conv_prepare_safeint.cpp Outdated
@apsonawane apsonawane enabled auto-merge (squash) June 30, 2026 21:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants