Validate coefficients size in LinearRegressor to prevent OOB read

LinearRegressor treats the coefficients attribute as a [num_targets,
num_features] matrix and passes it directly to MLAS SGEMM. However,
num_features is derived from the input tensor at runtime, and no
validation ensured coefficients.size() == num_targets * num_features.
A malformed model could provide fewer coefficients than expected,
causing MlasSgemmTransposePackB to read past the buffer boundary.

Add a size check after num_features is computed but before the GEMM
dispatch to reject mismatched coefficients with a clear error message.

Files changed:
- onnxruntime/core/providers/cpu/ml/linearregressor.cc
- onnxruntime/test/providers/cpu/ml/linearregressor_test.cc

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: bmehta001

onnxruntime/core/providers/cpu/ml/linearregressor.cc

@@ -86,6 +86,16 @@ Status LinearRegressor::Compute(OpKernelContext* ctx) const {
   ptrdiff_t num_batches = input_shape.NumDimensions() <= 1 ? 1 : narrow<ptrdiff_t>(input_shape[0]);
   ptrdiff_t num_features = input_shape.NumDimensions() <= 1 ? narrow<ptrdiff_t>(input_shape.Size())
                                                             : narrow<ptrdiff_t>(input_shape[1]);
+
+  // Coefficients are treated as a [num_targets, num_features] matrix.
+  // Validate size to prevent out-of-bounds reads in the GEMM backend.
+  if (coefficients_.size() != static_cast<size_t>(num_targets_) * static_cast<size_t>(num_features)) {
+    return ORT_MAKE_STATUS(ONNXRUNTIME, INVALID_ARGUMENT,
+                           "LinearRegressor: coefficients attribute size (", coefficients_.size(),
+                           ") does not match targets (", num_targets_,
+                           ") * input features (", num_features, ")");
+  }
+
   Tensor& Y = *ctx->Output(0, {num_batches, num_targets_});
   concurrency::ThreadPool* tp = ctx->GetOperatorThreadPool();
 

onnxruntime/test/providers/cpu/ml/linearregressor_test.cc

@@ -85,5 +85,18 @@ INSTANTIATE_TEST_SUITE_P(
                     LinearRegressorParam("SOFTMAX_ZERO", {3.442477e-14f, 1.f, 1.670142e-05f, 1.f, 1.0f, 0.f}, 2)
 
                         ));
+
+// Regression test: coefficients size must match targets * num_features.
+// A mismatch previously caused an out-of-bounds read in MLAS SGEMM packing.
+TEST(LinearRegressorTest, CoefficientsSizeMismatch) {
+  OpTester test("LinearRegressor", 1, onnxruntime::kMLDomain);
+  // 1 coefficient but input has 2 features and targets=1 → expects 2 coefficients
+  test.AddAttribute("coefficients", std::vector<float>{1.0f});
+  test.AddAttribute("targets", int64_t{1});
+  test.AddInput<float>("X", {1, 2}, {1.f, 2.f});
+  test.AddOutput<float>("Y", {1, 1}, {0.f});
+  test.Run(OpTester::ExpectResult::kExpectFailure, "coefficients attribute size");
+}
+
 }  // namespace test
 }  // namespace onnxruntime