Skip to content

check serialized vector lengths before indexing in deserializer#9216

Open
Nashit-h wants to merge 1 commit into
halide:mainfrom
Nashit-h:deserialize-vector-length-checks
Open

check serialized vector lengths before indexing in deserializer#9216
Nashit-h wants to merge 1 commit into
halide:mainfrom
Nashit-h:deserialize-vector-length-checks

Conversation

@Nashit-h

Copy link
Copy Markdown

the deserializer takes a length from one field of the .hlpipe flatbuffer and applies it as an index into a different, independently sized one, and nothing runs a flatbuffers verifier over the input first. deserialize_expr_vector walks exprs_serialized while indexing exprs_types, deserialize_fuse_loop_level walks align_dimension_names while indexing align_strategies, deserialize_buffer loops to the scalar dimensions field while indexing dims, and deserialize walks funcs while indexing functions, which is sized from func_names_in_order. flatbuffers::Vector::Get only guards with FLATBUFFERS_ASSERT, which is plain assert() and compiles out under NDEBUG, so a file that disagrees with itself reads past the vector and treats the bytes that follow as a relative table offset; a buffer declaring dimensions=3 while carrying a single dim faults inside BufferDimension::min() under asan, and the align_strategies case is a straight heap overread. the serializer writes each of these pairs in lockstep, so requiring them to agree only rejects input that was already malformed.

the generated schema header is private to the Halide target and serialization is behind an optional flag, so there's no natural home for a malformed-file test in test/error; #9208 landed the same shape of check in the same file without one.

Checklist

  • Tests added or updated (not required for docs, CI config, or typo fixes)
  • Documentation updated (if public API changed)
  • Python bindings updated (if public API changed)
  • Benchmarks are included here if the change is intended to affect performance.
  • Commits include AI attribution where applicable (see Code of Conduct)

@alexreinking

Copy link
Copy Markdown
Member

Hi @Nashit-h — we're curious to know if this is part of some larger bug-finding initiative, or if you're interested in Halide specifically. Either way, we appreciate the high-value bugfixes!

Also, based on the phrasing in your PR descriptions, it sounds like you're likely using Claude to find these bugs. If you are, would you please add a Co-authored-by attribution in the future? Can you share any workflows or prompting that you're using to find these bugs? Our team has plenty of credits to spare, and this is clearly a useful deployment of Claude.

@codecov

codecov Bot commented Jul 17, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 7.14286% with 13 lines in your changes missing coverage. Please review.
⚠️ Please upload report for BASE (main@b2a938c). Learn more about missing BASE report.

Files with missing lines Patch % Lines
src/Deserialization.cpp 7.14% 8 Missing and 5 partials ⚠️
Additional details and impacted files
@@           Coverage Diff           @@
##             main    #9216   +/-   ##
=======================================
  Coverage        ?   69.72%           
=======================================
  Files           ?      255           
  Lines           ?    78588           
  Branches        ?    18795           
=======================================
  Hits            ?    54795           
  Misses          ?    18193           
  Partials        ?     5600           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@Nashit-h

Copy link
Copy Markdown
Author

Hi @alexreinking, This issue was identified using BugQore, our proprietary Multi-Agent Remediation Engine, which leverages repository-scale semantic program analysis, contextual dependency modeling, execution-path reasoning, and multi-stage validation to identify and remediate high-confidence security findings.

BugQore is available as a commercial platform. If it aligns with your engineering or application security requirements, we'd be pleased to discuss deployment and licensing with your team.
support@bugqore.com

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants