From 6a1d506cb0619c6bcf8685ada56ddf4507c2f2d4 Mon Sep 17 00:00:00 2001 From: David Monahan Date: Tue, 29 Aug 2023 09:10:50 +0100 Subject: IVGCVSW-7901 Fix unsafe Usages of Memcpy in Armnn * Updated usages of Memcpy to use proper checks for null instead of asserts * Added error checking in places where none existed Signed-off-by: David Monahan Change-Id: I9529acd966466ba281f88918be2ec372a756e183 --- src/armnnUtils/Permute.cpp | 59 ++++++++++++++----- src/armnnUtils/Transpose.cpp | 59 ++++++++++++++----- src/backends/backendsCommon/TensorHandle.cpp | 35 +++++++++-- src/backends/backendsCommon/WorkloadUtils.cpp | 20 +++++-- .../test/layerTests/ReverseV2TestImpl.cpp | 17 ++++-- src/backends/reference/RefTensorHandle.cpp | 26 +++++++-- src/backends/reference/workloads/Slice.cpp | 67 +++++++++++++++++++--- src/backends/reference/workloads/StridedSlice.cpp | 9 +++ src/backends/tosaReference/TosaRefTensorHandle.cpp | 26 +++++++-- src/dynamic/sample/SampleTensorHandle.cpp | 22 +++++-- 10 files changed, 277 insertions(+), 63 deletions(-) (limited to 'src') diff --git a/src/armnnUtils/Permute.cpp b/src/armnnUtils/Permute.cpp index 7d15f3ca5d..19b465ba5d 100644 --- a/src/armnnUtils/Permute.cpp +++ b/src/armnnUtils/Permute.cpp @@ -9,7 +9,6 @@ #include "Half.hpp" -#include #include namespace @@ -23,7 +22,13 @@ public: PermuteLoop(const armnn::TensorShape& dstShape, const armnn::PermutationVector& mappings) : m_DstShape(dstShape) { - assert(dstShape.GetNumDimensions() == mappings.GetSize()); + if (dstShape.GetNumDimensions() != mappings.GetSize()) + { + std::stringstream msg; + msg << "Permute: Number of shape dimensions (" << dstShape.GetNumDimensions() << + ") does not match the size of the mappings (" << mappings.GetSize() << ")"; + throw armnn::InvalidArgumentException(msg.str()); + } const size_type numDims = dstShape.GetNumDimensions(); @@ -42,9 +47,18 @@ public: void Unroll(const void* srcData, void* dstData, size_t dataTypeSize) { - assert(srcData); - assert(dstData); - assert(dataTypeSize > 0); + if (srcData == nullptr) + { + throw armnn::InvalidArgumentException("Permute: Source Data pointer is null"); + } + if (dstData == nullptr) + { + throw armnn::InvalidArgumentException("Permute: Destination Data pointer is null"); + } + if (dataTypeSize == 0) + { + throw armnn::InvalidArgumentException("Permute: dataTypeSize is zero"); + } const unsigned char* srcDataPtr = reinterpret_cast(srcData); unsigned char* dstDataPtr = reinterpret_cast(dstData); @@ -61,13 +75,26 @@ private: const unsigned char* srcEnd, unsigned char* dstEnd, size_t dataTypeSize) { - assert(srcData); - assert(dstData); - assert(srcEnd); - assert(dstEnd); - assert(srcData < srcEnd); - assert(dstData < dstEnd); - assert(dataTypeSize > 0); + if (srcData == nullptr) + { + throw armnn::InvalidArgumentException("Permute: Source Data pointer is null"); + } + if (dstData == nullptr) + { + throw armnn::InvalidArgumentException("Permute: Destination Data pointer is null"); + } + if (srcEnd == nullptr) + { + throw armnn::InvalidArgumentException("Permute: Source End pointer is null"); + } + if (dstEnd == nullptr) + { + throw armnn::InvalidArgumentException("Permute: Destination End pointer is null"); + } + if (dataTypeSize == 0) + { + throw armnn::Exception("Permute: dataTypeSize is zero"); + } if (dimension >= m_DstShape.GetNumDimensions()) { @@ -98,7 +125,13 @@ namespace armnnUtils armnn::TensorShape Permuted(const armnn::TensorShape& srcShape, const armnn::PermutationVector& mappings) { - assert(srcShape.GetNumDimensions() == mappings.GetSize()); + if (srcShape.GetNumDimensions() != mappings.GetSize()) + { + std::stringstream msg; + msg << "Permute: Number of shape dimensions (" << srcShape.GetNumDimensions() << + ") does not match the size of the mappings (" << mappings.GetSize() << ")"; + throw armnn::InvalidArgumentException(msg.str()); + } const unsigned int numDims = mappings.GetSize(); unsigned int outDims[armnn::MaxNumOfTensorDimensions]; diff --git a/src/armnnUtils/Transpose.cpp b/src/armnnUtils/Transpose.cpp index 3457cacd65..a8e4a1cb81 100644 --- a/src/armnnUtils/Transpose.cpp +++ b/src/armnnUtils/Transpose.cpp @@ -9,7 +9,6 @@ #include "Half.hpp" -#include #include namespace @@ -23,7 +22,13 @@ public: TransposeLoop(const armnn::TensorShape& srcShape, const armnn::PermutationVector& mappings) : m_SrcShape(srcShape) { - assert(srcShape.GetNumDimensions() == mappings.GetSize()); + if (srcShape.GetNumDimensions() != mappings.GetSize()) + { + std::stringstream msg; + msg << "Transpose: Number of shape dimensions (" << srcShape.GetNumDimensions() << + ") does not match the size of the mappings (" << mappings.GetSize() << ")"; + throw armnn::InvalidArgumentException(msg.str()); + } const size_type numDims = srcShape.GetNumDimensions(); @@ -42,9 +47,18 @@ public: void Unroll(const void* srcData, void* dstData, size_t dataTypeSize) { - assert(srcData); - assert(dstData); - assert(dataTypeSize > 0); + if (srcData == nullptr) + { + throw armnn::Exception("Transpose: Source Data pointer is null"); + } + if (dstData == nullptr) + { + throw armnn::Exception("Transpose: Destination Data pointer is null"); + } + if (dataTypeSize == 0) + { + throw armnn::Exception("Transpose: dataTypeSize is zero"); + } const unsigned char* srcDataPtr = reinterpret_cast(srcData); unsigned char* dstDataPtr = reinterpret_cast(dstData); @@ -61,13 +75,26 @@ private: const unsigned char* srcEnd, unsigned char* dstEnd, size_t dataTypeSize) { - assert(srcData); - assert(dstData); - assert(srcEnd); - assert(dstEnd); - assert(srcData < srcEnd); - assert(dstData < dstEnd); - assert(dataTypeSize > 0); + if (srcData == nullptr) + { + throw armnn::Exception("Transpose: Source Data pointer is null"); + } + if (dstData == nullptr) + { + throw armnn::Exception("Transpose: Destination Data pointer is null"); + } + if (srcEnd == nullptr) + { + throw armnn::Exception("Transpose: Source End pointer is null"); + } + if (dstEnd == nullptr) + { + throw armnn::Exception("Transpose: Destination End is zero"); + } + if (dataTypeSize == 0) + { + throw armnn::Exception("Transpose: dataTypeSize is invalid"); + } if (dimension >= m_SrcShape.GetNumDimensions()) { @@ -97,7 +124,13 @@ namespace armnnUtils armnn::TensorShape TransposeTensorShape(const armnn::TensorShape& srcShape, const armnn::PermutationVector& mappings) { - assert(srcShape.GetNumDimensions() == mappings.GetSize()); + if (srcShape.GetNumDimensions() != mappings.GetSize()) + { + std::stringstream msg; + msg << "Transpose: Number of shape dimensions (" << srcShape.GetNumDimensions() << + ") does not match the size of the mappings (" << mappings.GetSize() << ")"; + throw armnn::InvalidArgumentException(msg.str()); + } const unsigned int numDims = mappings.GetSize(); unsigned int outDims[armnn::MaxNumOfTensorDimensions]; diff --git a/src/backends/backendsCommon/TensorHandle.cpp b/src/backends/backendsCommon/TensorHandle.cpp index d55fca24d4..bc221adbe3 100644 --- a/src/backends/backendsCommon/TensorHandle.cpp +++ b/src/backends/backendsCommon/TensorHandle.cpp @@ -103,12 +103,30 @@ void ScopedTensorHandle::Allocate() void ScopedTensorHandle::CopyOutTo(void* memory) const { - memcpy(memory, GetTensor(), GetTensorInfo().GetNumBytes()); + const void* src = GetTensor(); + if (src == nullptr) + { + throw NullPointerException("TensorHandle::CopyOutTo called with a null src pointer"); + } + if (memory == nullptr) + { + throw NullPointerException("TensorHandle::CopyOutTo called with a null dest pointer"); + } + memcpy(memory, src, GetTensorInfo().GetNumBytes()); } void ScopedTensorHandle::CopyInFrom(const void* memory) { - memcpy(GetTensor(), memory, GetTensorInfo().GetNumBytes()); + void* dest = GetTensor(); + if (dest == nullptr) + { + throw NullPointerException("TensorHandle::CopyInFrom called with a null dest pointer"); + } + if (memory == nullptr) + { + throw NullPointerException("TensorHandle::CopyInFrom called with a null src pointer"); + } + memcpy(dest, memory, GetTensorInfo().GetNumBytes()); } void ScopedTensorHandle::CopyFrom(const ScopedTensorHandle& other) @@ -118,8 +136,17 @@ void ScopedTensorHandle::CopyFrom(const ScopedTensorHandle& other) void ScopedTensorHandle::CopyFrom(const void* srcMemory, unsigned int numBytes) { - ARMNN_ASSERT(GetTensor() == nullptr); - ARMNN_ASSERT(GetTensorInfo().GetNumBytes() == numBytes); + if (GetTensor() != nullptr) + { + throw NullPointerException("TensorHandle::CopyFrom called on an already allocated TensorHandle"); + } + if (GetTensorInfo().GetNumBytes() != numBytes) + { + std::stringstream msg; + msg << "TensorHandle:CopyFrom: Number of bytes in the tensor info (" << GetTensorInfo().GetNumBytes() << + ") does not match the number of bytes being copied (" << numBytes << ")"; + throw armnn::Exception(msg.str()); + } if (srcMemory) { diff --git a/src/backends/backendsCommon/WorkloadUtils.cpp b/src/backends/backendsCommon/WorkloadUtils.cpp index 3aea667bfe..28d01ec127 100644 --- a/src/backends/backendsCommon/WorkloadUtils.cpp +++ b/src/backends/backendsCommon/WorkloadUtils.cpp @@ -18,8 +18,14 @@ namespace armnn armnn::ConstTensor PermuteTensor(const ConstTensorHandle* tensor, const PermutationVector& permutationVector, void* permuteBuffer) { - ARMNN_ASSERT_MSG(tensor, "Invalid input tensor"); - ARMNN_ASSERT_MSG(permuteBuffer, "Invalid permute buffer"); + if (tensor == nullptr) + { + throw armnn::InvalidArgumentException("WorkloadUtils: PermuteTensor: Null input tensor pointer"); + } + if (permuteBuffer == nullptr) + { + throw armnn::InvalidArgumentException("WorkloadUtils: PermuteTensor: Null permute buffer pointer"); + } TensorInfo tensorInfo = tensor->GetTensorInfo(); @@ -231,8 +237,14 @@ armnn::ConstTensor ConvertWeightTensorFromArmnnToAcl(const ConstTensorHandle* we DataLayout dataLayout, void* permuteBuffer) { - ARMNN_ASSERT_MSG(weightTensor, "Invalid input tensor"); - ARMNN_ASSERT_MSG(permuteBuffer, "Invalid permute buffer"); + if (weightTensor == nullptr) + { + throw armnn::InvalidArgumentException("WorkloadUtils: PermuteTensor: Null input tensor pointer"); + } + if (permuteBuffer == nullptr) + { + throw armnn::InvalidArgumentException("WorkloadUtils: PermuteTensor: Null permute buffer pointer"); + } auto multiplier = weightTensor->GetTensorInfo().GetShape()[0]; auto inputChannels = weightTensor->GetTensorInfo().GetShape()[1]; diff --git a/src/backends/backendsCommon/test/layerTests/ReverseV2TestImpl.cpp b/src/backends/backendsCommon/test/layerTests/ReverseV2TestImpl.cpp index 3cfd614336..f2774037bd 100644 --- a/src/backends/backendsCommon/test/layerTests/ReverseV2TestImpl.cpp +++ b/src/backends/backendsCommon/test/layerTests/ReverseV2TestImpl.cpp @@ -63,13 +63,22 @@ namespace axisHandle->Allocate(); outputHandle->Allocate(); - CopyDataToITensorHandle(inputHandle.get(), input.data()); - CopyDataToITensorHandle(axisHandle.get(), axis.data()); + if (input.data() != nullptr) + { + CopyDataToITensorHandle(inputHandle.get(), input.data()); + } + if (axis.data() != nullptr) + { + CopyDataToITensorHandle(axisHandle.get(), axis.data()); + } workload->PostAllocationConfigure(); ExecuteWorkload(*workload, memoryManager); - CopyDataFromITensorHandle(outputActual.data(), outputHandle.get()); + if (outputActual.data() != nullptr) + { + CopyDataFromITensorHandle(outputActual.data(), outputHandle.get()); + } return LayerTestResult(outputActual, outputExpected, @@ -98,7 +107,7 @@ LayerTestResult ReverseV2SimpleTestEmptyAxis( 3, 4 }, qScale, qOffset); - std::vector axis = armnnUtils::QuantizedVector({}, qScale, qOffset); + std::vector axis = armnnUtils::QuantizedVector({1, 1}, qScale, qOffset); std::vector outputExpected = armnnUtils::QuantizedVector({ 1, 2, diff --git a/src/backends/reference/RefTensorHandle.cpp b/src/backends/reference/RefTensorHandle.cpp index cce992c947..07f497c54e 100644 --- a/src/backends/reference/RefTensorHandle.cpp +++ b/src/backends/reference/RefTensorHandle.cpp @@ -101,16 +101,30 @@ void* RefTensorHandle::GetPointer() const void RefTensorHandle::CopyOutTo(void* dest) const { - const void *src = GetPointer(); - ARMNN_ASSERT(src); - memcpy(dest, src, m_TensorInfo.GetNumBytes()); + const void* src = GetPointer(); + if (src == nullptr) + { + throw NullPointerException("TensorHandle::CopyOutTo called with a null src pointer"); + } + if (dest == nullptr) + { + throw NullPointerException("TensorHandle::CopyOutTo called with a null dest pointer"); + } + memcpy(dest, src, GetTensorInfo().GetNumBytes()); } void RefTensorHandle::CopyInFrom(const void* src) { - void *dest = GetPointer(); - ARMNN_ASSERT(dest); - memcpy(dest, src, m_TensorInfo.GetNumBytes()); + void* dest = GetPointer(); + if (dest == nullptr) + { + throw NullPointerException("RefTensorHandle::CopyInFrom called with a null dest pointer"); + } + if (src == nullptr) + { + throw NullPointerException("RefTensorHandle::CopyInFrom called with a null src pointer"); + } + memcpy(dest, src, GetTensorInfo().GetNumBytes()); } MemorySourceFlags RefTensorHandle::GetImportFlags() const diff --git a/src/backends/reference/workloads/Slice.cpp b/src/backends/reference/workloads/Slice.cpp index d6836c6933..534a063ed5 100644 --- a/src/backends/reference/workloads/Slice.cpp +++ b/src/backends/reference/workloads/Slice.cpp @@ -20,11 +20,28 @@ void Slice(const TensorInfo& inputInfo, const TensorShape& inputShape = inputInfo.GetShape(); const unsigned int numDims = inputShape.GetNumDimensions(); - ARMNN_ASSERT(descriptor.m_Begin.size() == numDims); - ARMNN_ASSERT(descriptor.m_Size.size() == numDims); - constexpr unsigned int maxNumDims = 4; - ARMNN_ASSERT(numDims <= maxNumDims); + if (descriptor.m_Begin.size() != numDims) + { + std::stringstream msg; + msg << "Slice: Number of dimensions (" << numDims << + ") does not match the Begin vector in the descriptor (" << descriptor.m_Begin.size() << ")"; + throw InvalidArgumentException(msg.str()); + } + if (descriptor.m_Size.size() != numDims) + { + std::stringstream msg; + msg << "Slice: Number of dimensions (" << numDims << + ") does not match the Size vector in the descriptor (" << descriptor.m_Size.size() << ")"; + throw InvalidArgumentException(msg.str()); + } + if (numDims > maxNumDims) + { + std::stringstream msg; + msg << "Slice: Number of dimensions (" << numDims << + ") is greater than the maximum supported (" << maxNumDims << ")"; + throw InvalidArgumentException(msg.str()); + } std::vector paddedInput(4); std::vector paddedBegin(4); @@ -63,15 +80,47 @@ void Slice(const TensorInfo& inputInfo, unsigned int size2 = paddedSize[2]; unsigned int size3 = paddedSize[3]; - ARMNN_ASSERT(begin0 + size0 <= dim0); - ARMNN_ASSERT(begin1 + size1 <= dim1); - ARMNN_ASSERT(begin2 + size2 <= dim2); - ARMNN_ASSERT(begin3 + size3 <= dim3); + if (begin0 + size0 > dim0) + { + std::stringstream msg; + msg << "Slice: begin0 + size0 (" << (begin0 + size0) << + ") exceeds dim0 (" << dim0 << ")"; + throw InvalidArgumentException(msg.str()); + } + if (begin1 + size1 > dim1) + { + std::stringstream msg; + msg << "Slice: begin1 + size1 (" << (begin1 + size1) << + ") exceeds dim2 (" << dim1 << ")"; + throw InvalidArgumentException(msg.str()); + } + if (begin2 + size2 > dim2) + { + std::stringstream msg; + msg << "Slice: begin2 + size2 (" << (begin2 + size2) << + ") exceeds dim2 (" << dim2 << ")"; + throw InvalidArgumentException(msg.str()); + } + if (begin3 + size3 > dim3) + { + std::stringstream msg; + msg << "Slice: begin3 + size3 (" << (begin3 + size3) << + ") exceeds dim3 (" << dim3 << ")"; + throw InvalidArgumentException(msg.str()); + } + + if (inputData == nullptr) + { + throw armnn::NullPointerException("Slice: Null inputData pointer"); + } + if (outputData == nullptr) + { + throw armnn::NullPointerException("Slice: Null outputData pointer"); + } const unsigned char* input = reinterpret_cast(inputData); unsigned char* output = reinterpret_cast(outputData); - IgnoreUnused(dim0); for (unsigned int idx0 = begin0; idx0 < begin0 + size0; ++idx0) { for (unsigned int idx1 = begin1; idx1 < begin1 + size1; ++idx1) diff --git a/src/backends/reference/workloads/StridedSlice.cpp b/src/backends/reference/workloads/StridedSlice.cpp index c5fb121cb3..68600c9a95 100644 --- a/src/backends/reference/workloads/StridedSlice.cpp +++ b/src/backends/reference/workloads/StridedSlice.cpp @@ -93,6 +93,15 @@ void StridedSlice(const TensorInfo& inputInfo, void* outputData, unsigned int dataTypeSize) { + if (inputData == nullptr) + { + throw armnn::InvalidArgumentException("Slice: Null inputData pointer"); + } + if (outputData == nullptr) + { + throw armnn::InvalidArgumentException("Slice: Null outputData pointer"); + } + const unsigned char* input = reinterpret_cast(inputData); unsigned char* output = reinterpret_cast(outputData); diff --git a/src/backends/tosaReference/TosaRefTensorHandle.cpp b/src/backends/tosaReference/TosaRefTensorHandle.cpp index 38d02f1bb6..aaffc8ab6c 100644 --- a/src/backends/tosaReference/TosaRefTensorHandle.cpp +++ b/src/backends/tosaReference/TosaRefTensorHandle.cpp @@ -100,16 +100,30 @@ void* TosaRefTensorHandle::GetPointer() const void TosaRefTensorHandle::CopyOutTo(void* dest) const { - const void *src = GetPointer(); - ARMNN_ASSERT(src); - memcpy(dest, src, m_TensorInfo.GetNumBytes()); + const void* src = GetPointer(); + if (src == nullptr) + { + throw NullPointerException("TosaRefTensorHandle::CopyOutTo called with a null src pointer"); + } + if (dest == nullptr) + { + throw NullPointerException("TosaRefTensorHandle::CopyOutTo called with a null dest pointer"); + } + memcpy(dest, src, GetTensorInfo().GetNumBytes()); } void TosaRefTensorHandle::CopyInFrom(const void* src) { - void *dest = GetPointer(); - ARMNN_ASSERT(dest); - memcpy(dest, src, m_TensorInfo.GetNumBytes()); + void* dest = GetPointer(); + if (dest == nullptr) + { + throw NullPointerException("TosaRefTensorHandle::CopyInFrom called with a null dest pointer"); + } + if (src == nullptr) + { + throw NullPointerException("TosaRefTensorHandle::CopyInFrom called with a null src pointer"); + } + memcpy(dest, src, GetTensorInfo().GetNumBytes()); } bool TosaRefTensorHandle::Import(void* memory, MemorySource source) diff --git a/src/dynamic/sample/SampleTensorHandle.cpp b/src/dynamic/sample/SampleTensorHandle.cpp index c00861871c..80554aad3c 100644 --- a/src/dynamic/sample/SampleTensorHandle.cpp +++ b/src/dynamic/sample/SampleTensorHandle.cpp @@ -136,15 +136,29 @@ bool SampleTensorHandle::Import(void* memory, armnn::MemorySource source) void SampleTensorHandle::CopyOutTo(void* dest) const { - const void *src = GetPointer(); - ARMNN_ASSERT(src); + const void* src = GetPointer(); + if (dest == nullptr) + { + throw armnn::Exception("SampleTensorHandle:CopyOutTo: Destination Ptr is null"); + } + if (src == nullptr) + { + throw armnn::Exception("SampleTensorHandle:CopyOutTo: Source Ptr is null"); + } memcpy(dest, src, m_TensorInfo.GetNumBytes()); } void SampleTensorHandle::CopyInFrom(const void* src) { - void *dest = GetPointer(); - ARMNN_ASSERT(dest); + void* dest = GetPointer(); + if (src == nullptr) + { + throw armnn::Exception("SampleTensorHandle:CopyInFrom: Source Ptr is null"); + } + if (dest == nullptr) + { + throw armnn::Exception("SampleTensorHandle:CopyInFrom: Destination Ptr is null"); + } memcpy(dest, src, m_TensorInfo.GetNumBytes()); } -- cgit v1.2.1