Description
Describe the bug
I found a vulnerability in the Gather path which looks similar to CVE-2021-37687.
In the related fix, negative or oversized gather indices were rejected with runtime validation before they could influence the source offset used by the copy path.
In tflite-micro, the relevant target path is:
- target location: Gather() of `tensorflow/lite/micro/kernels/gather.cc`
It seems that release builds may still lack a runtime guard for malformed indices.
ASAN Log
```
=================================================================
==9==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x738c6ec084dc at pc 0x738c70fee936 bp 0x7ffce6654d50 sp 0x7ffce6654510
READ of size 4 at 0x738c6ec084dc thread T0
#0 0x738c70fee935 in memcpy (/usr/local/lib64/libasan.so.8+0xf2935)
#1 0x5132a9 in Gather<float, int> tensorflow/lite/micro/kernels/gather.cc:87
#2 0x512400 in GatherEval tensorflow/lite/micro/kernels/gather.cc:204
#3 0x43c963 in tflite::MicroInterpreterGraph::InvokeSubgraph(int) tensorflow/lite/micro/micro_interpreter_graph.cc:277
#4 0x42ae26 in tflite::MicroInterpreter::Invoke() tensorflow/lite/micro/micro_interpreter.cc:294
#5 0x409cfc in MicroInterpreterGraphTest_GatherNegativeIndexFullPathPoC_Test() tensorflow/lite/micro/micro_interpreter_graph_test.cc:224
#6 0x411673 in micro_test::internal::TestRunner::Run() (/work/analysis_output/poc_validation/docker_cache/tflm_37687_fullpath/linux_x86_64_release_with_logs_gcc/bin/micro_interpreter_graph_test+0x411673)
#7 0x411e01 in micro_test::RunAllTests() (/work/analysis_output/poc_validation/docker_cache/tflm_37687_fullpath/linux_x86_64_release_with_logs_gcc/bin/micro_interpreter_graph_test+0x411e01)
#8 0x40a135 in main tensorflow/lite/micro/micro_interpreter_graph_test.cc:227
#9 0x738c70399ca7 (/lib/x86_64-linux-gnu/libc.so.6+0x29ca7) (BuildId: fce446c9d4ad48e2b0c90cce1a11722897805281)
#10 0x738c70399d64 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29d64) (BuildId: fce446c9d4ad48e2b0c90cce1a11722897805281)
#11 0x403670 in _start (/work/analysis_output/poc_validation/docker_cache/tflm_37687_fullpath/linux_x86_64_release_with_logs_gcc/bin/micro_interpreter_graph_test+0x403670)
```
Related information
Please check the information and fix the vulnerability.
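The report above turns on one missing check: every gather index must be validated against the size of the gathered axis before it is used to compute a `memcpy` source offset. The following is an added illustration of that guard, written for this issue; it is not tflite-micro's `Gather()` and does not use its `TfLiteStatus` or tensor types. `GatherStatus`, `ValidateGatherIndices` and `SafeGather` are hypothetical names, and the input is assumed to be a flat buffer laid out as `[outer_size][axis_size][inner_size]`.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Hypothetical status codes for this illustration (not TFLM's TfLiteStatus).
enum class GatherStatus { kOk, kBadIndex, kBadShape };

// Runtime guard: reject any index that is negative or >= axis_size.
// Without this check a malformed index moves the source offset outside
// the input buffer and the copy below reads out of bounds.
inline bool ValidateGatherIndices(const int32_t* indices, int num_indices,
                                  int axis_size) {
  for (int i = 0; i < num_indices; ++i) {
    if (indices[i] < 0 || indices[i] >= axis_size) return false;
  }
  return true;
}

// Bounds-checked gather over a flat input [outer_size][axis_size][inner_size].
// Output is laid out as [outer_size][num_indices][inner_size].
// Validation runs before any copy, so a bad index never reaches memcpy.
template <typename T>
GatherStatus SafeGather(const T* input, int outer_size, int axis_size,
                        int inner_size, const int32_t* indices,
                        int num_indices, T* output) {
  if (outer_size < 0 || axis_size <= 0 || inner_size <= 0 || num_indices < 0)
    return GatherStatus::kBadShape;
  if (!ValidateGatherIndices(indices, num_indices, axis_size))
    return GatherStatus::kBadIndex;
  for (int outer = 0; outer < outer_size; ++outer) {
    for (int i = 0; i < num_indices; ++i) {
      const size_t src_off =
          (static_cast<size_t>(outer) * axis_size + indices[i]) * inner_size;
      const size_t dst_off =
          (static_cast<size_t>(outer) * num_indices + i) * inner_size;
      std::memcpy(output + dst_off, input + src_off, sizeof(T) * inner_size);
    }
  }
  return GatherStatus::kOk;
}

// Stand-alone demonstration on constructed data: one outer slice, a gathered
// axis of size 4, and rows of two floats each.
int main() {
  const float input[8] = {0, 1, 10, 11, 20, 21, 30, 31};  // constructed
  float out[4] = {0};

  const int32_t good[2] = {3, 1};
  GatherStatus s = SafeGather(input, 1, 4, 2, good, 2, out);
  std::printf("valid indices   -> %s: %g %g %g %g\n",
              s == GatherStatus::kOk ? "ok" : "rejected", out[0], out[1],
              out[2], out[3]);

  const int32_t negative[1] = {-1};
  s = SafeGather(input, 1, 4, 2, negative, 1, out);
  std::printf("negative index  -> %s\n",
              s == GatherStatus::kBadIndex ? "rejected" : "accepted");

  const int32_t oversized[1] = {4};
  s = SafeGather(input, 1, 4, 2, oversized, 1, out);
  std::printf("oversized index -> %s\n",
              s == GatherStatus::kBadIndex ? "rejected" : "accepted");
  return 0;
}
```

The guard is deliberately placed in the evaluation path rather than only in a prepare-time check, since index tensors can carry values that are not known until invocation; a release build that compiles out debug-only assertions keeps the check in this form.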