fix: add integer overflow check in noise_suppression_interface.cpp#10886
Open
orbisai0security wants to merge 2 commits into
Open
fix: add integer overflow check in noise_suppression_interface.cpp#10886orbisai0security wants to merge 2 commits into
orbisai0security wants to merge 2 commits into
Conversation
orbisai0security
requested review from
dbaluta,
kv2019i,
lbetlej,
lgirdwood,
mmaka1 and
plbossart
as code owners
Collaborator
|
Can one of the admins verify this patch?
|
lgirdwood
requested changes
Jun 12, 2026
lgirdwood
left a comment
lgirdwood
left a comment
Member
There was a problem hiding this comment.
Can you add proper commit messages that add more detail describing each change and your sign off.
…sions noise_suppression_load_model() and noise_suppression_first_iter() take the input tensor shape directly from the OpenVINO model file via nd->model->input(...).get_shape() and feed the resulting dimensions into downstream size computations and allocations without any range check. A crafted or corrupted .xml/.bin model can specify dimensions that are either zero (producing zero-sized allocations later written into) or large enough that a subsequent multiplication overflows before being used as a buffer length. Both lead to out-of-bounds memory access at inference time. The same pattern exists for the per-iteration input state shape, which is also read from the model. After fetching each shape, walk its dimensions and reject the model with -EINVAL if any dimension is zero or exceeds 1 << 24 (16 Mi elements). The upper bound is well above any realistic noise suppression tensor dimension and well below the point at which a product of two such dimensions can overflow a 32-bit size on the platforms this plugin targets, which closes the integer-overflow path without rejecting valid models. No functional change for well-formed models; malformed models now fail the load instead of corrupting memory. Reported-by: OrbisAI Security scanner (V-004, CWE-190) Signed-off-by: OrbisAI Security <mediratta01.pally@gmail.com>
orbisai0security
force-pushed
the
fix-v004-ov-noise-suppression-shape-validation
branch
from
8893a34 to
ed53bcd
Compare
Author
Done. Pls review. |
lgirdwood
reviewed
Jun 12, 2026
| #include <memory> | ||
|
|
||
| extern "C" { | ||
| #include "tools/plugin/modules/ov_noise_suppression/noise_suppression_interface.h" |
Member
There was a problem hiding this comment.
Its best if this test lives in the same directory as the OV module and has a valid Cmakefile for building.
| std::vector<int64_t> dimensions = GetParam(); | ||
|
|
||
| // Create a minimal mock model file with specified dimensions | ||
| std::string model_path = "/tmp/test_model_" + std::to_string(getpid()) + ".xml"; |
Member
There was a problem hiding this comment.
We should be able to pass in via cmd line.
| ) | ||
| ); | ||
|
|
||
| int main(int argc, char **argv) { |
Member
There was a problem hiding this comment.
abd we should have a -h help option to describe test and how to run.
| @@ -0,0 +1,62 @@ | |||
| #include <gtest/gtest.h> | |||
Member
There was a problem hiding this comment.
I assume CMake will check fro any dependency. Btw, missing copyright and license.
…ial model shapes
Add a regression test that exercises the input-shape guard introduced
in "tools: plugin: ov_noise_suppression: validate model input shape
dimensions". The test is a small C++ executable living next to the
module sources at
tools/plugin/modules/ov_noise_suppression/test_ns_shape_validation.cpp
and wired into the module's CMakeLists.txt inside the existing
if(OpenVINO_FOUND) block, so when OpenVINO is not installed the test
is skipped along with the module itself.
The test drives the public C API of the module
(ov_ns_init / ov_ns_free / NOISE_SUPPRESSION_MODEL_NAME) rather than
reaching into private structs, and is configurable from the command
line:
--model PATH use a caller-supplied OpenVINO model XML file.
--dim N [--dim N ...] synthesize a minimal model XML with the given
input-port dimensions, write it to a temporary
file (mkstemps), and use that.
--expect ok|reject expected outcome; default "reject".
-h, --help print usage describing what the test does and
how to run it.
The mock-model writer emits the smallest XML that ov::Core::read_model()
will accept for a Parameter input with the configured shape, so
ov_ns_init() reaches the dimension-validation loop the previous commit
added. The test then asserts that ov_ns_init() returned 0 for
--expect ok and non-zero for --expect reject, and exits 0 (PASS) or 1
(FAIL) accordingly.
Two ctest cases are registered at CMake time covering the two
adversarial shapes that motivated the fix:
ns_shape_zero --dim 0 --dim 480 # zero dim
ns_shape_overflow --dim 9223372036854775807 --dim 1024 # overflow
Real models can be exercised by invoking the executable directly with
--model PATH --expect ok.
Addresses review comments on PR thesofproject#10886:
r3403937663 - move test next to the module, build via the module's
CMakeLists so OpenVINO/dep checks are reused.
r3403939540 - take the model file / shape parameters on the command
line instead of hard-coding /tmp/test_model_<pid>.xml.
r3403944866 - add a -h help option describing the test and its usage.
r3403950342 - add the missing SPDX-License-Identifier and copyright
header; let CMake gate the build on OpenVINO presence.
Signed-off-by: OrbisAI Security <mediratta01.pally@gmail.com>
orbisai0security
force-pushed
the
fix-v004-ov-noise-suppression-shape-validation
branch
from
ed53bcd to
3effb1e
Compare
Author
Addressed the issues. Pls review. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fix high severity security issue in
tools/plugin/modules/ov_noise_suppression/noise_suppression_interface.cpp.Vulnerability
V-004tools/plugin/modules/ov_noise_suppression/noise_suppression_interface.cpp:87Description: The OpenVINO noise suppression plugin retrieves input tensor shapes from model files at lines 87 and 143 without validating dimensions against expected ranges. A malicious or corrupted model file can specify extremely large dimensions (causing integer overflow in subsequent allocations) or zero-sized dimensions (causing zero-size allocation followed by writes), leading to out-of-bounds memory access.
Evidence
Exploitation scenario: An attacker supplies a crafted OpenVINO model file (.xml/.bin) where input shape dimensions are set to extremely large values or zero.
Scanner confirmation: multi_agent_ai rule
V-004flagged this pattern.Production code: This file is in the production codebase, not test-only code.
Changes
tools/plugin/modules/ov_noise_suppression/noise_suppression_interface.cppVerification
Security Invariant
Regression test
This test guards against regressions — it's useful independent of the code change above.
Automated security fix by OrbisAI Security