Talson's picture
Upload README.md with huggingface_hub
f5ed58e verified
|
Raw
History Blame Contribute Delete
1.51 kB
---
license: mit
---
# TFLite (.tflite) β€” Integer Overflow in Buffer offset+size Bounds Check β†’ OOB Read
**Vulnerability Class:** CWE-190 Integer Overflow β†’ CWE-125 Out-of-bounds Read
**Affected:** tensorflow/tensorflow (TFLite interpreter) @ HEAD
**Status:** ASAN-verified (3 variants: SEGV, heap-buffer-overflow READ)
## Summary
Integer overflow in TFLite `InterpreterBuilder` at `interpreter_builder.cc:671` β€”
`offset + buffer->size()` wraps `uint64_t`, bypassing the bounds check. The resulting
pointer `allocation_->base() + offset` goes OOB. Same pattern at line 378 for
`large_custom_options_offset + large_custom_options_size`.
Key factor: **InterpreterBuilder does NOT invoke the flatbuffer verifier by default.**
Even the optional verifier does not validate `Buffer.offset`/`Buffer.size` fields.
## Files
- `poc/harness_tflite_offset.cpp` β€” Self-contained ASAN harness (3 modes)
- `evidence/buffer_offset_segv.txt` β€” ASAN log: OOB pointer access
- `evidence/large_custom_options_oob.txt` β€” ASAN log: heap-buffer-overflow READ
- `evidence/buffer_offset_heap_oob.txt` β€” ASAN log: heap-buffer-overflow variant
- `REPORT.md` β€” Full vulnerability report
## Reproduction
```bash
g++ -std=c++17 -fsanitize=address -g -O0 -o harness_tflite poc/harness_tflite_offset.cpp
./harness_tflite # Buffer offset overflow β†’ OOB
./harness_tflite custom # large_custom_options overflow β†’ heap OOB
./harness_tflite heap # near-end offset β†’ heap-buffer-overflow READ
```