2 changes: 1 addition & 1 deletion extension/data_loader/buffer_data_loader.h
Expand Up @@ -40,7 +40,7 @@ class BufferDataLoader final : public executorch::runtime::DataLoader {
ET_CHECK_OR_RETURN_ERROR(
!overflow && total_size <= size_,
InvalidArgument,
"offset %zu + size %zu > size_ %zu, or overflow detected",
"offset %zu + size %zu > size_ %zu",

Copilot AI Apr 9, 2026


The check still uses c10::add_overflows(...) and fails when overflow is detected, but the error message no longer mentions overflow. Either restore the message text to include overflow, or restructure the validation so the message matches the actual failure conditions.

Suggested change
"offset %zu + size %zu > size_ %zu",
"offset %zu + size %zu overflows or exceeds size_ %zu",

offset,
size,
size_);
13 changes: 4 additions & 9 deletions extension/data_loader/file_data_loader.cpp
Expand Up @@ -19,7 +19,6 @@
#include <sys/stat.h>
#include <sys/types.h>

#include <c10/util/safe_numerics.h>
#include <executorch/runtime/core/error.h>
#include <executorch/runtime/core/result.h>
#include <executorch/runtime/platform/log.h>
Expand Down Expand Up @@ -144,12 +143,10 @@ Result<FreeableBuffer> FileDataLoader::load(
fd_ >= 0,
InvalidState,
"Uninitialized");
size_t total_size;
bool overflow = c10::add_overflows(offset, size, &total_size);
ET_CHECK_OR_RETURN_ERROR(
!overflow && total_size <= file_size_,
offset + size <= file_size_,
InvalidArgument,
"File %s: offset %zu + size %zu > file_size_ %zu, or overflow detected",
"File %s: offset %zu + size %zu > file_size_ %zu",
file_name_,
offset,
size,
Expand Down Expand Up @@ -207,12 +204,10 @@ ET_NODISCARD Error FileDataLoader::load_into(
fd_ >= 0,
InvalidState,
"Uninitialized");
size_t total_size;
bool overflow = c10::add_overflows(offset, size, &total_size);
ET_CHECK_OR_RETURN_ERROR(
!overflow && total_size <= file_size_,
offset + size <= file_size_,
InvalidArgument,
"File %s: offset %zu + size %zu > file_size_ %zu, or overflow detected",
"File %s: offset %zu + size %zu > file_size_ %zu",
file_name_,
offset,
size,
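Review bot: The new bounds check `offset + size <= file_size_` in FileDataLoader::load and FileDataLoader::load_into is computed in size_t and can wrap, so a large offset paired with a large size produces a small sum that passes validation even though the requested range lies outside the file. The removed `c10::add_overflows` guard is what rejected that case; if the c10 include has to go, an overflow-safe form that needs no helper is `offset <= file_size_ && size <= file_size_ - offset,`. The code that consumes offset and size after the check is outside these hunks, but it presumably allocates and reads with the unvalidated values, which matters if the loaded file can come from an untrusted source. The same unchecked addition is introduced in file_descriptor_data_loader.cpp (load, load_into) and mmap_data_loader.cpp (validate_input). Both ET_CHECK_OR_RETURN_ERROR calls here continue past the end of their hunks.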
13 changes: 4 additions & 9 deletions extension/data_loader/file_descriptor_data_loader.cpp
Expand Up @@ -19,7 +19,6 @@
#include <sys/types.h>
#include <unistd.h>

#include <c10/util/safe_numerics.h>
#include <executorch/runtime/core/error.h>
#include <executorch/runtime/core/result.h>
#include <executorch/runtime/platform/log.h>
Expand Down Expand Up @@ -158,12 +157,10 @@ Result<FreeableBuffer> FileDescriptorDataLoader::load(
fd_ >= 0,
InvalidState,
"Uninitialized");
size_t total_size;
bool overflow = c10::add_overflows(offset, size, &total_size);
ET_CHECK_OR_RETURN_ERROR(
!overflow && total_size <= file_size_,
offset + size <= file_size_,
InvalidArgument,
"File %s: offset %zu + size %zu > file_size_ %zu, or overflow detected",
"File %s: offset %zu + size %zu > file_size_ %zu",
file_descriptor_uri_,
offset,
size,
Expand Down Expand Up @@ -221,12 +218,10 @@ ET_NODISCARD Error FileDescriptorDataLoader::load_into(
fd_ >= 0,
InvalidState,
"Uninitialized");
size_t total_size;
bool overflow = c10::add_overflows(offset, size, &total_size);
ET_CHECK_OR_RETURN_ERROR(
!overflow && total_size <= file_size_,
offset + size <= file_size_,
InvalidArgument,
"File %s: offset %zu + size %zu > file_size_ %zu, or overflow detected",
"File %s: offset %zu + size %zu > file_size_ %zu",
file_descriptor_uri_,
offset,
size,
7 changes: 2 additions & 5 deletions extension/data_loader/mmap_data_loader.cpp
Expand Up @@ -17,7 +17,6 @@
#include <sys/stat.h>
#include <sys/types.h>

#include <c10/util/safe_numerics.h>
#include <executorch/extension/data_loader/mman.h>
#include <executorch/runtime/core/error.h>
#include <executorch/runtime/core/result.h>
Expand Down Expand Up @@ -160,12 +159,10 @@ Error MmapDataLoader::validate_input(size_t offset, size_t size) const {
fd_ >= 0,
InvalidState,
"Uninitialized");
size_t total_size;
bool overflow = c10::add_overflows(offset, size, &total_size);
ET_CHECK_OR_RETURN_ERROR(
!overflow && total_size <= file_size_,
offset + size <= file_size_,
InvalidArgument,
"File %s: offset %zu + size %zu > file_size_ %zu, or overflow detected",
"File %s: offset %zu + size %zu > file_size_ %zu",
file_name_,
offset,
size,
7 changes: 2 additions & 5 deletions extension/data_loader/shared_ptr_data_loader.h
Expand Up @@ -8,7 +8,6 @@

#pragma once

#include <c10/util/safe_numerics.h>
#include <executorch/runtime/core/data_loader.h>
#include <executorch/runtime/core/error.h>
#include <executorch/runtime/core/result.h>
Expand All @@ -34,12 +33,10 @@ class SharedPtrDataLoader final : public executorch::runtime::DataLoader {
size_t offset,
size_t size,
ET_UNUSED const DataLoader::SegmentInfo& segment_info) const override {
size_t total_size;
bool overflow = c10::add_overflows(offset, size, &total_size);
ET_CHECK_OR_RETURN_ERROR(
!overflow && total_size <= size_,
offset + size <= size_,
InvalidArgument,
"offset %zu + size %zu > size_ %zu, or overflow detected",
"offset %zu + size %zu > size_ %zu",
offset,
size,
size_);
Comment on lines 36 to 42

Copilot AI Apr 9, 2026


The bounds check offset + size <= size_ can overflow size_t and wrap, allowing an out-of-bounds slice to pass validation. Use an overflow-safe check (e.g., offset <= size_ && size <= size_ - offset) or __builtin_add_overflow/similar to reject wrapped additions.

Comment on lines 36 to 42

Copilot AI Apr 9, 2026


There are out-of-bounds tests for SharedPtrDataLoader, but no regression test for the offset + size overflow case. Add a unit test that passes values like offset=128, size=SIZE_MAX-127 and expects InvalidArgument, so future refactors don’t reintroduce wraparound bugs.
