From acd36fc0abb2e2143e9edcd799bd23a6a7a2eb16 Mon Sep 17 00:00:00 2001
From: Yi LIU
Date: Wed, 25 Feb 2026 23:05:35 +0800
Subject: [PATCH] Add bounds checking for output tensor buffer in wasi-nn llama.cpp

The get_output function copies LLM output into output_tensor->buf without checking against output_tensor->size, allowing writes past the buffer when the model generates output longer than the caller-provided buffer. Add size checks for both the metadata path and the token output loop.
---
 .../iwasm/libraries/wasi-nn/src/wasi_nn_llamacpp.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/core/iwasm/libraries/wasi-nn/src/wasi_nn_llamacpp.c b/core/iwasm/libraries/wasi-nn/src/wasi_nn_llamacpp.c
index 2e1e64936..f7055d0bf 100644
--- a/core/iwasm/libraries/wasi-nn/src/wasi_nn_llamacpp.c
+++ b/core/iwasm/libraries/wasi-nn/src/wasi_nn_llamacpp.c
@@ -623,8 +623,11 @@ get_output(void *ctx, graph_execution_context exec_ctx, uint32_t index,
 printf("%s\n", output_metadata);
 }

- memcpy(output_tensor->buf, output_metadata, strlen(output_metadata));
- *output_tensor_size = strlen(output_metadata);
+ size_t metadata_len = strlen(output_metadata);
+ if (metadata_len > output_tensor->size)
+ metadata_len = output_tensor->size;
+ memcpy(output_tensor->buf, output_metadata, metadata_len);
+ *output_tensor_size = metadata_len;
 return success;
 }

@@ -643,8 +646,11 @@ get_output(void *ctx, graph_execution_context exec_ctx, uint32_t index,
 printf("%s", buf);
 }

- memcpy(output_tensor->buf + end_pos, buf, strlen(buf));
- end_pos += strlen(buf);
+ size_t piece_len = strlen(buf);
+ if (end_pos + piece_len > output_tensor->size)
+ break;
+ memcpy(output_tensor->buf + end_pos, buf, piece_len);
+ end_pos += piece_len;
 }

 if (backend_ctx->config.stream_stdout) {
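Review bot: In the metadata path, clamping `metadata_len` to `output_tensor->size` and then reaching `return success;` hands the caller a cut-off metadata string with nothing to say it is incomplete. The cut can also land in the middle of a field, so a guest that parses the metadata may misread it. Prefer failing over clamping, e.g. `if (metadata_len > output_tensor->size) return too_large;` (assuming the backend's error enum has such a code; it is not visible in this hunk), or at least state the truncation in a comment above the clamp. This also differs from the token loop in the second hunk, which drops a whole piece rather than copying part of it. The body of get_output begins and ends outside the hunk.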
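Review bot: In the token loop the new `break` sits after the `printf("%s", buf);` context line, so a piece that does not fit is still echoed to stdout but never copied, and the loop ends without telling the caller that output was truncated. Move the length check above the stdout block and record the truncation (a log line, or a distinct error returned after the loop) so a full buffer can be told apart from a finished generation. Writing the test as `if (piece_len > output_tensor->size - end_pos) break;` avoids depending on `end_pos + piece_len` not wrapping. The declaration of `end_pos` is outside the hunk, so its type should be checked against the `size_t` arithmetic. The loop and the rest of get_output begin and end outside the hunk.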