| --- |
| license: mit |
| --- |
| |
| # TFLite (.tflite) β Integer Overflow in Buffer offset+size Bounds Check β OOB Read |
|
|
| **Vulnerability Class:** CWE-190 Integer Overflow β CWE-125 Out-of-bounds Read |
| **Affected:** tensorflow/tensorflow (TFLite interpreter) @ HEAD |
| **Status:** ASAN-verified (3 variants: SEGV, heap-buffer-overflow READ) |
|
|
| ## Summary |
|
|
| Integer overflow in TFLite `InterpreterBuilder` at `interpreter_builder.cc:671` β |
| `offset + buffer->size()` wraps `uint64_t`, bypassing the bounds check. The resulting |
| pointer `allocation_->base() + offset` goes OOB. Same pattern at line 378 for |
| `large_custom_options_offset + large_custom_options_size`. |
|
|
| Key factor: **InterpreterBuilder does NOT invoke the flatbuffer verifier by default.** |
| Even the optional verifier does not validate `Buffer.offset`/`Buffer.size` fields. |
|
|
| ## Files |
|
|
| - `poc/harness_tflite_offset.cpp` β Self-contained ASAN harness (3 modes) |
| - `evidence/buffer_offset_segv.txt` β ASAN log: OOB pointer access |
| - `evidence/large_custom_options_oob.txt` β ASAN log: heap-buffer-overflow READ |
| - `evidence/buffer_offset_heap_oob.txt` β ASAN log: heap-buffer-overflow variant |
| - `REPORT.md` β Full vulnerability report |
|
|
| ## Reproduction |
|
|
| ```bash |
| g++ -std=c++17 -fsanitize=address -g -O0 -o harness_tflite poc/harness_tflite_offset.cpp |
| ./harness_tflite # Buffer offset overflow β OOB |
| ./harness_tflite custom # large_custom_options overflow β heap OOB |
| ./harness_tflite heap # near-end offset β heap-buffer-overflow READ |
| ``` |
|
|