Commit e65ff91
committed
tools: plugin: ov_noise_suppression: validate model input shape dimensions
noise_suppression_load_model() and noise_suppression_first_iter() take
the input tensor shape directly from the OpenVINO model file via
nd->model->input(...).get_shape() and feed the resulting dimensions
into downstream size computations and allocations without any range
check.
A crafted or corrupted .xml/.bin model can specify dimensions that are
either zero (producing zero-sized allocations later written into) or
large enough that a subsequent multiplication overflows before being
used as a buffer length. Both lead to out-of-bounds memory access at
inference time. The same pattern exists for the per-iteration input
state shape, which is also read from the model.
After fetching each shape, walk its dimensions and reject the model
with -EINVAL if any dimension is zero or exceeds 1 << 24 (16 Mi
elements). The upper bound is well above any realistic noise
suppression tensor dimension and well below the point at which a
product of two such dimensions can overflow a 32-bit size on the
platforms this plugin targets, which closes the integer-overflow path
without rejecting valid models.
No functional change for well-formed models; malformed models now fail
the load instead of corrupting memory.
Reported-by: OrbisAI Security scanner (V-004, CWE-190)
Signed-off-by: OrbisAI Security <mediratta01.pally@gmail.com>1 parent 9cd055b commit e65ff91
1 file changed
Lines changed: 6 additions & 0 deletions
Lines changed: 6 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
85 | 85 | | |
86 | 86 | | |
87 | 87 | | |
| 88 | + | |
| 89 | + | |
| 90 | + | |
88 | 91 | | |
89 | 92 | | |
90 | 93 | | |
| |||
141 | 144 | | |
142 | 145 | | |
143 | 146 | | |
| 147 | + | |
| 148 | + | |
| 149 | + | |
144 | 150 | | |
145 | 151 | | |
146 | 152 | | |
| |||
0 commit comments