From da9afc1d3a439eca8bbbd29eb02a77b75c9e8407 Mon Sep 17 00:00:00 2001
From: YAMAMOTO Takashi <yamamoto@midokura.com>
Date: Mon, 4 Aug 2025 11:58:14 +0900
Subject: [PATCH] wasi-nn: add a missing address validation for get_output

cf. https://github.com/bytecodealliance/wasm-micro-runtime/issues/4533
---
 core/iwasm/libraries/wasi-nn/src/wasi_nn.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/core/iwasm/libraries/wasi-nn/src/wasi_nn.c b/core/iwasm/libraries/wasi-nn/src/wasi_nn.c
index 7921ec953..7c373a483 100644
--- a/core/iwasm/libraries/wasi-nn/src/wasi_nn.c
+++ b/core/iwasm/libraries/wasi-nn/src/wasi_nn.c
@@ -781,6 +781,22 @@ wasi_nn_get_output(wasm_exec_env_t exec_env, graph_execution_context ctx,
     if (success != (res = is_model_initialized(wasi_nn_ctx)))
         goto fail;
 
+#if WASM_ENABLE_WASI_EPHEMERAL_NN != 0
+    if (!wasm_runtime_validate_native_addr(instance, output_tensor,
+                                           output_tensor_len)) {
+        NN_ERR_PRINTF("output_tensor is invalid");
+        res = invalid_argument;
+        goto fail;
+    }
+#else
+    if (!wasm_runtime_validate_native_addr(instance, output_tensor,
+                                           *output_tensor_size)) {
+        NN_ERR_PRINTF("output_tensor is invalid");
+        res = invalid_argument;
+        goto fail;
+    }
+#endif
+
     if (!wasm_runtime_validate_native_addr(instance, output_tensor_size,
                                            (uint64)sizeof(uint32_t))) {
         NN_ERR_PRINTF("output_tensor_size is invalid");