Headline
CVE-2022-21728: Fix out of bound error in ReverseSequence Op shape function · tensorflow/tensorflow@37c01fb
Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for ReverseSequence does not fully validate the value of batch_dim and can result in a heap OOB read. There is a check to make sure the value of batch_dim does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python’s negative indexing (i.e., indexing from the end of the array), however if the value is too negative then the implementation of Dim would access elements before the start of an array. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
@@ -1653,11 +1653,21 @@ REGISTER_OP(“ReverseSequence”)
return errors::InvalidArgument(
"batch_dim must be < input rank: ", batch_dim, " vs. ", input_rank);
}
if (seq_dim >= input_rank) {
return errors::InvalidArgument(
"seq_dim must be < input rank: ", seq_dim, " vs. ", input_rank);
}
// To prevent out of bound access when calling c->Dim(input, batch_dim),
// batch_dim range [-1 * input rank, input rank) is allowed. However,
// the op implementation has a stricter bound for batch_dim requiring >= 0
// value. Thus, perform strict check here.
if (batch_dim < 0) {
return errors::InvalidArgument("batch_dim must be >=0, got ",
batch_dim);
}
DimensionHandle batch_dim_dim = c->Dim(input, batch_dim);
TF_RETURN_IF_ERROR(
c->Merge(batch_dim_dim, c->Dim(seq_lens_shape, 0), &batch_dim_dim));