🔗 Helpful Links

🧪 See artifacts and rendered test results at hud.pytorch.org/pr/pytorch/executorch/18820

• 📄 Preview Python docs built from this PR

Note: Links to docs will display an error until the docs builds have been completed.

❗ 1 Active SEVs

There are 1 currently active SEVs. If your PR is affected, please view them below:

• Rolling out OSDC (ARC) runners on pull workflow for PyTorch trunk commits

⏳ No Failures, 5 Pending

As of commit 4e15ca5 with merge base 5e8a0df ():
💚 Looks good so far! There are no failures yet. 💚

This comment was automatically generated by Dr. CI and updates every 15 minutes.

This PR needs a release notes: label

If your change should be included in the release notes (i.e. would users of this library care about this change?), please use a label starting with release notes:. This helps us keep track and include your important work in the next release notes.

To add a label, you can comment to pytorchbot, for example
@pytorchbot label "release notes: none"

For more information, see
https://github.com/pytorch/pytorch/wiki/PyTorch-AutoLabel-Bot#why-categorize-for-release-notes-and-how-does-it-work.

@claude review this PR

Claude finished @lucylq's task in 1m 28s —— View job

Review of PR #18820

• Read the changed files and PR diff
• Analyze the changes for correctness, security, and style
• Post review feedback

The fix correctly addresses the core issue: the previous code dereferenced flatbuffer_graph->constant_buffer() and flatbuffer_graph->constant_data() without null or bounds checks, which could cause out-of-bounds reads or null pointer dereferences on malformed flatbuffer input. The added validation is appropriate for a security fix.

Two issues remain that should be addressed:

1. Missing null check after constant_buffer[buffer_idx]->storage()->data() (line 197)

After the bounds check, constant_buffer[buffer_idx] could still be null in a malformed flatbuffer (flatbuffers vectors can contain null entries). Dereferencing it or its ->storage() would crash. This should be guarded:

const auto& constant_buffer = *cb;
auto* buffer_entry = constant_buffer[buffer_idx];
if (buffer_entry == nullptr || buffer_entry->storage() == nullptr) {
  ET_LOG(Error, "Null constant_buffer entry at buffer_idx %u", buffer_idx);
  return nullptr;
}
return buffer_entry->storage()->data();

2. Missing null check after cd->Get(buffer_idx) (line 208)

Similarly, cd->Get(buffer_idx) can return null even with a valid index if the flatbuffer is corrupted. The result is immediately dereferenced on line 209 (constant_data_offset->offset()), which would crash:

ConstantDataOffsetPtr constant_data_offset = cd->Get(buffer_idx);
if (constant_data_offset == nullptr) {
  ET_LOG(Error, "Null constant_data entry at buffer_idx %u", buffer_idx);
  return nullptr;
}

3. Caller impact of returning nullptr on error (minor)

For the defineTensor call site (line 318), buffer_ptr being nullptr is the normal case for non-constant tensors (when buffer_idx == 0). When buffer_idx != 0 but we return nullptr due to an error, this silently creates a non-constant tensor instead of propagating the error. The existing callers at lines 469 and 511 do check for nullptr with ET_CHECK_OR_RETURN_ERROR, so those are fine. The defineTensor path is lower risk since it would produce incorrect results rather than a crash, but worth noting for a future follow-up.

Items 1 and 2 are the higher priority since they leave crash paths open that this PR aims to close. Fix these issues →

Can we update defineTensor to handle the case of a nullptr returned from getConstantDataPtr? It might silently break on malformed PTE.

thanks that's a great catch - I'll wrap the return of getConstantDataPtr in Result, so we can differentiate between nullptr and actual error.

@claude re-review?

Claude finished @lucylq's task in 59s —— View job

Re-review of PR #18820

• Read the current state of changed files and PR diff
• Analyze changes for correctness, security, and style
• Post review feedback

This is a solid revision that addresses all the issues from the first review. The key improvements since the last review:

1. Result<const uint8_t*> return type -- Properly differentiates between "no constant data" (nullptr success) and "invalid/corrupt flatbuffer" (Error). This was the main gap identified previously.

2. Null checks on constant_buffer[buffer_idx] and its ->storage() (line 199-203) -- Addresses the crash path on malformed flatbuffers where vector entries could be null.

3. Null check on cd->Get(buffer_idx) (line 216-220) -- Addresses the null constant_data_offset crash path.

4. Error propagation instead of silent nullptr (lines 234, 246) -- Both the weights-cache and named-data-map error paths now return data_ptr.error() / buffer.error() instead of nullptr, preserving the specific error code for callers.

5. All call sites updated -- defineTensor (line 329-339), and the two scale_buffer_idx call sites (lines 484-494, 530-541) all properly unwrap the Result and propagate errors.

One minor observation, not blocking:

• Line 228: constant_data_offset->named_key() could theoretically be null in a malformed flatbuffer even when IsFieldPresent returns true (the field is present but the offset points to null). Dereferencing with ->str() would crash. This is pre-existing and not introduced by this PR, so it's fine to address separately if at all -- the risk is low since IsFieldPresent guards it.

Overall the PR is clean and correct. The Result-based approach is the right design, and the validation is thorough across both the constant_buffer and constant_data paths. LGTM.

View job