Fix integer overflows in tensor byte-size computations

[lucylq]

Three tensor-byte-size multiplications had no overflow check, letting a malicious PTE trigger wrap-to-small size_t values while kernels iterate on the un-wrapped element count, producing heap buffer overflows.

Fixed here:

• extension/tensor/tensor_ptr.h: data.size() * elementSize(type) in make_tensor_ptr cast path.
• extension/tensor/tensor_ptr_maker.cpp: compute_numel(...) * elementSize(type) in empty_strided.
• runtime/core/tensor_layout.cpp: dim-product loop and final * elementSize(scalar_type) in calculate_nbytes; now returns Error::InvalidArgument on overflow since the function already returns Result<size_t>.

All guards use c10::mul_overflows, matching the existing pattern in MethodMeta::calculate_nbytes, the data loaders, and PlatformMemoryAllocator.

runtime/core/portable_type/tensor_impl.cpp is intentionally left alone in this branch; guarding the nbytes() / compute_numel multiplications there breaks internal callers and will be handled separately.

Authored with Claude.

[pytorch-bot]

🔗 Helpful Links

🧪 See artifacts and rendered test results at hud.pytorch.org/pr/pytorch/executorch/19055

• 📄 Preview Python docs built from this PR

Note: Links to docs will display an error until the docs builds have been completed.

❗ 1 Active SEVs

There are 1 currently active SEVs. If your PR is affected, please view them below:

• Rolling out OSDC (ARC) runners on pull & trunk workflows in PyTorch main

❌ 4 New Failures, 2 Unrelated Failures

As of commit a879332 with merge base 217ad45 ():

NEW FAILURES - The following jobs have failed:

• Cadence Build & Test / cpu-test / test-aot / test-aot (gh)
  backends/cadence/aot/tests/test_pass_filter.py::TestPassFiltering::test_filter_opt_level_None
• Cadence Build & Test / cpu-test / test-ops / test-ops (gh)
  examples/cadence/operators/test_requantize_op.py::CadenceRequantizeOpCases::test_cadence_requantize_out_05
• pull / test-qnn-buck-build-linux / linux-job (gh)
  RuntimeError: Command docker exec -t 130ed3f8ee0480418ed4ced9143f33f78a86ab948dd19ce0d0324c0ffd9d939d /exec failed with exit code 3
• pull / test-qnn-passes-linux / linux-job (gh)
  backends/qualcomm/tests/test_passes.py::TestPasses::test_mha_to_sha

FLAKY - The following job failed but was likely due to flakiness present on trunk:

• pull / unittest / windows / windows-job (gh) (matched win rule in flaky-rules.json)
  ##[error]The operation was canceled.

BROKEN TRUNK - The following job failed but was present on the merge base:

👉 Rebase onto the `viable/strict` branch to avoid these failures

• pull / unittest-editable / windows / windows-job (gh) (trunk failure)
  ##[error]The operation was canceled.

This comment was automatically generated by Dr. CI and updates every 15 minutes.

[github-actions]

This PR needs a release notes: label

If your change should be included in the release notes (i.e. would users of this library care about this change?), please use a label starting with release notes:. This helps us keep track and include your important work in the next release notes.

To add a label, you can comment to pytorchbot, for example
@pytorchbot label "release notes: none"

For more information, see
https://github.com/pytorch/pytorch/wiki/PyTorch-AutoLabel-Bot#why-categorize-for-release-notes-and-how-does-it-work.

[Copilot]

Pull request overview

This PR hardens tensor byte-size computations against integer overflow (wrap-to-small) scenarios that could otherwise lead to under-allocation and subsequent heap buffer overflows when kernels iterate using the true element count.

Changes:

• Add overflow-checked dimension product and * elementSize handling in TensorLayout byte-size calculation (returning Error::InvalidArgument on overflow).
• Add c10::mul_overflows guards for numel * elementSize in empty_strided().
• Add c10::mul_overflows guards for data.size() * elementSize when allocating cast buffers in make_tensor_ptr().

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File	Description
runtime/core/tensor_layout.cpp	Uses c10::mul_overflows to safely compute nbytes and returns InvalidArgument on overflow.
extension/tensor/tensor_ptr_maker.cpp	Adds overflow checking before allocating the backing std::vector<uint8_t> in empty_strided().
extension/tensor/tensor_ptr.h	Adds overflow checking for cast-buffer allocation when casting vector-backed tensor data.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

In executor (non-ATen) builds, executorch::aten::compute_numel() ultimately multiplies sizes using signed ssize_t arithmetic without overflow checks. That means the earlier data.size() == compute_numel(...) validation can itself invoke signed-overflow UB for large shapes, and may incorrectly succeed with a wrapped result. Since this block then allocates based on data.size(), you can end up with a tensor whose declared shape is inconsistent with its backing storage.

To make the new overflow-checked allocation meaningful, consider replacing the compute_numel(...) usage in this overload with a local, overflow-checked size_t product over sizes (similar to the mul_overflows loop used elsewhere), and compare against data.size() only after that succeeds.

[Copilot]

The new overflow handling in calculate_nbytes() changes behavior to return Error::InvalidArgument on overflow, but runtime/core/test/tensor_layout_test.cpp currently has no coverage for this path. Add a unit test that uses sizes whose product (or product * elementSize) overflows size_t (e.g., {INT32_MAX, INT32_MAX} with ScalarType::Double on 64-bit) and assert TensorLayout::create() returns InvalidArgument.

[Copilot]

empty_strided() still relies on executorch::aten::compute_numel() (which returns ssize_t and, in executor mode, multiplies sizes using signed arithmetic without overflow checks). If the size product overflows inside compute_numel, that's undefined behavior and may yield a wrapped numel before you even reach the mul_overflows(numel, elem_size, ...) guard.

Consider computing numel locally using size_t + c10::mul_overflows over the sizes vector (and validating non-negative sizes) so the overflow is caught deterministically before any UB occurs, then multiply by elem_size as you do now.

Suggested change

	const auto numel = static_cast<size_t>(
	executorch::aten::compute_numel(sizes.data(), sizes.size()));
	size_t numel = 1;
	for (const auto dim : sizes) {
	ET_CHECK_MSG(
	dim >= 0,
	"empty_strided requires non-negative sizes, got %zd",
	static_cast<ssize_t>(dim));
	size_t next_numel = 0;
	ET_CHECK_MSG(
	!c10::mul_overflows(
	numel, static_cast<size_t>(dim), &next_numel),
	"empty_strided size overflow while computing numel: %zu * %zu",
	numel,
	static_cast<size_t>(dim));
	numel = next_numel;
	}

[meta-codesync]

@lucylq has imported this pull request. If you are a Meta employee, you can view this in D102058400.

[lucylq]

need to use safe_numel here.