Security: Out-of-bounds tensor access from unvalidated edge indices#2026
Conversation
The CPU gather/scatter kernel reads vertex indices from `edges` and directly indexes `output_a[v0]`, `output_a[v1]`, `input_a[v1]`, and `input_a[v0]` without validating bounds. A crafted `edges` tensor containing negative or too-large indices can trigger out-of-bounds reads/writes, leading to crashes or memory corruption in the extension process. Affected files: gather_scatter_cpu.cpp Signed-off-by: tuanaiseo <221258316+tuanaiseo@users.noreply.github.com>
|
Hi @tuanaiseo! Thank you for your pull request and welcome to our community. Action RequiredIn order to merge any pull request (code, docs, etc.), we require contributors to sign our Contributor License Agreement, and we don't seem to have one on file for you. ProcessIn order for us to review and merge your suggested changes, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA. Once the CLA is signed, our tooling will perform checks and validations. Afterwards, the pull request will be tagged with If you have received this in error or have any questions, please contact us at cla@meta.com. Thanks! |
1 participant
Problem
The CPU gather/scatter kernel reads vertex indices from
edgesand directly indexesoutput_a[v0],output_a[v1],input_a[v1], andinput_a[v0]without validating bounds. A craftededgestensor containing negative or too-large indices can trigger out-of-bounds reads/writes, leading to crashes or memory corruption in the extension process.Severity:
highFile:
pytorch3d/csrc/gather_scatter/gather_scatter_cpu.cppSolution
Before the loop, validate
edgesindex range withTORCH_CHECK(e.g., min >= 0 and max < num_vertices). Keep the same validation in CUDA and CPU paths, and fail fast on invalid input.Changes
pytorch3d/csrc/gather_scatter/gather_scatter_cpu.cpp(modified)Testing