echo icon indicating copy to clipboard operation
echo copied to clipboard
verified publisher icon timi-liuliang

Security overflow patch

Open CoSunshine opened this issue 2 months ago • 2 comments

https://github.com/timi-liuliang/echo/blob/master/thirdparty/google/tensorflow/lite/kernels/embedding_lookup_sparse.cc#L146 is potential overflow when creating required bytes.

patched by developer:https://github.com/tensorflow/tensorflow/commit/1de49725a5fc4e48f1a3b902ec3599ee99283043

CoSunshine avatar Oct 27 '25 02:10 CoSunshine

Similar, there is a race condition in function: https://github.com/timi-liuliang/echo/blob/master/thirdparty/google/tensorflow/lite/kernels/activations.cc#L1603

patched by tensorflow: https://github.com/tensorflow/tensorflow/commit/ce8e286aed092f9a3af8c9b85bf290e1558deced

CoSunshine avatar Oct 27 '25 02:10 CoSunshine

There is potential null pointer in this function: https://github.com/timi-liuliang/echo/blob/master/thirdparty/google/tensorflow/lite/kernels/add.cc#L87

general_scale_int16 = !params || !params->pot_scale_int16;

already be patched by tensorflow: https://github.com/tensorflow/tensorflow/commit/bbd2987b3f2d8e1255f98b943d4dfaa7e7abaf0c

CoSunshine avatar Oct 27 '25 02:10 CoSunshine