From 57710fb4044efa63b4a8127840a333eb78d2e274 Mon Sep 17 00:00:00 2001 From: YAMAMOTO Takashi Date: Wed, 11 Jun 2025 15:02:09 +0900 Subject: [PATCH] wasi_nn_openvino.c: add a missing buffer overflow check in get_output cf. https://github.com/bytecodealliance/wasm-micro-runtime/issues/4351 --- core/iwasm/libraries/wasi-nn/src/wasi_nn_openvino.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/core/iwasm/libraries/wasi-nn/src/wasi_nn_openvino.c b/core/iwasm/libraries/wasi-nn/src/wasi_nn_openvino.c index dcfec1ccb8..200135cfe6 100644 --- a/core/iwasm/libraries/wasi-nn/src/wasi_nn_openvino.c +++ b/core/iwasm/libraries/wasi-nn/src/wasi_nn_openvino.c @@ -461,6 +461,11 @@ get_output(void *ctx, graph_execution_context exec_ctx, uint32_t index, CHECK_OV_STATUS(ov_tensor_get_byte_size(ov_tensor, &byte_size), ret); + if (byte_size > *output_tensor_size) { + ret = too_large; + goto fail; + } + CHECK_OV_STATUS(ov_tensor_data(ov_tensor, &data), ret); memcpy(output_tensor, data, byte_size);