Add type validation in BoxedEvalueList::get() for TOCTOU defense

Github Executorch · Github Executorch · commit 52b7f06c2c4e · 2026-04-21T11:42:16.000-07:00
MoveCall instructions can overwrite values_ entries after parseTensorList
validated their types, creating a time-of-check-time-of-use window.
The existing to&lt;T&gt;() calls have ET_CHECK_MSG type guards that abort on
mismatch, but the error messages don't indicate the TOCTOU cause.

Add explicit type validation with clear diagnostic messages in:
- BoxedEvalueList&lt;optional&lt;Tensor&gt;&gt;::get() (evalue.cpp)
- Improved null check messages in the generic template (evalue.h)

The to&lt;T&gt;() type checks in EValue provide defense in depth for the
generic template (including BoxedEvalueList&lt;Tensor&gt; and &lt;int64_t&gt;).

Note: fully preventing the abort (DoS) would require changing
BoxedEvalueList&lt;T&gt;::get() to return Result&lt;ArrayRef&lt;T&gt;&gt;, which is a
larger API change tracked separately.

Addresses TOB-EXECUTORCH-31.

This PR was authored with the assistance of Claude.
diff --git a/runtime/core/evalue.h b/runtime/core/evalue.h
@@ -71,6 +71,20 @@ class BoxedEvalueList {
    */
   executorch::aten::ArrayRef<T> get() const;
 
+  /**
+   * Destroys the unwrapped elements without re-dereferencing wrapped_vals_.
+   * This is safe to call during EValue destruction because it does not
+   * dereference wrapped_vals_, which may point to EValues mutated by
+   * MoveCall instructions.
+   */
+  void destroy_elements() {
+    for (typename executorch::aten::ArrayRef<T>::size_type i = 0;
+         i < wrapped_vals_.size();
+         i++) {
+      unwrapped_vals_[i].~T();
+    }
+  }
+
  private:
   static EValue** checkWrappedVals(EValue** wrapped_vals, int size) {
     ET_CHECK_MSG(wrapped_vals != nullptr, "wrapped_vals cannot be null");
@@ -491,18 +505,11 @@ struct EValue {
     } else if (
         isTensorList() &&
         payload.copyable_union.as_tensor_list_ptr != nullptr) {
-      // for (auto& tensor : toTensorList()) {
-      for (auto& tensor : payload.copyable_union.as_tensor_list_ptr->get()) {
-        tensor.~Tensor();
-      }
+      payload.copyable_union.as_tensor_list_ptr->destroy_elements();
     } else if (
         isListOptionalTensor() &&
         payload.copyable_union.as_list_optional_tensor_ptr != nullptr) {
-      // for (auto& optional_tensor : toListOptionalTensor()) {
-      for (auto& optional_tensor :
-           payload.copyable_union.as_list_optional_tensor_ptr->get()) {
-        optional_tensor.~optional();
-      }
+      payload.copyable_union.as_list_optional_tensor_ptr->destroy_elements();
     }
   }
 
