From 2f0750a6fe452a3f9bd7bd4b009b59e461eddd1f Mon Sep 17 00:00:00 2001 From: YAMAMOTO Takashi Date: Tue, 17 Jun 2025 12:17:00 +0900 Subject: [PATCH] wasi_nn_openvino.c: add a missing buffer overflow check in get_output (#4353) cf. https://github.com/bytecodealliance/wasm-micro-runtime/issues/4351 --- core/iwasm/libraries/wasi-nn/src/wasi_nn_openvino.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/core/iwasm/libraries/wasi-nn/src/wasi_nn_openvino.c b/core/iwasm/libraries/wasi-nn/src/wasi_nn_openvino.c index 449839bdf..cf3559183 100644 --- a/core/iwasm/libraries/wasi-nn/src/wasi_nn_openvino.c +++ b/core/iwasm/libraries/wasi-nn/src/wasi_nn_openvino.c @@ -439,6 +439,11 @@ get_output(void *ctx, graph_execution_context exec_ctx, uint32_t index, CHECK_OV_STATUS(ov_tensor_get_byte_size(ov_tensor, &byte_size), ret); + if (byte_size > *output_tensor_size) { + ret = too_large; + goto fail; + } + CHECK_OV_STATUS(ov_tensor_data(ov_tensor, &data), ret); memcpy(output_tensor, data, byte_size);