File size: 396 Bytes
7250c36 | 1 2 3 4 5 6 7 8 9 | # VULN-012: Heap OOB Read in TensorRT ONNX Parser (convertInt32Data)
CWE-125. convertInt32Data<T>() reads volume(shape) elements from int32_data without bounds check.
Undersized int32_data causes heap OOB read -> ACCESS_VIOLATION.
Affected types: FLOAT16, BFLOAT16, INT8, BOOL. Tested on TensorRT 10.15.1.29.
Run: `python reproduce.py` (each model is ~77 bytes, crashes during parse).
|