Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Infinite loop in XNNExecutor::resize_outputs#17181

Merged
lucylq merged 1 commit into
mainfrom
lfq.security-14
Feb 4, 2026
Merged

Infinite loop in XNNExecutor::resize_outputs#17181
lucylq merged 1 commit into
mainfrom
lfq.security-14

Conversation

@lucylq

@lucylq lucylq commented Feb 3, 2026

Copy link
Copy Markdown
Contributor

Summary

size_t --> ssize_t so it's signed and won't loop indefinitely.

Test plan

cd build
cmake .. -DEXECUTORCH_BUILD_TESTS=ON -DEXECUTORCH_BUILD_XNNPACK=ON
cmake --build . --target backends_xnnpack_test
ctest -R  backends_xnnpack_test -V

@pytorch-bot

pytorch-bot Bot commented Feb 3, 2026
edited
Loading

Copy link
Copy Markdown

🔗 Helpful Links

🧪 See artifacts and rendered test results at hud.pytorch.org/pr/pytorch/executorch/17181

Note: Links to docs will display an error until the docs builds have been completed.

❌ 2 New Failures, 1 Unrelated Failure

As of commit 40c4f93 with merge base 56adf76 (image):

NEW FAILURES - The following jobs have failed:

FLAKY - The following job failed but was likely due to flakiness present on trunk:

This comment was automatically generated by Dr. CI and updates every 15 minutes.

@meta-cla meta-cla Bot added the CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed. label Feb 3, 2026
@github-actions

github-actions Bot commented Feb 3, 2026

Copy link
Copy Markdown

This PR needs a release notes: label

If your change should be included in the release notes (i.e. would users of this library care about this change?), please use a label starting with release notes:. This helps us keep track and include your important work in the next release notes.

To add a label, you can comment to pytorchbot, for example
@pytorchbot label "release notes: none"

For more information, see
https://github.com/pytorch/pytorch/wiki/PyTorch-AutoLabel-Bot#why-categorize-for-release-notes-and-how-does-it-work.

@lucylq lucylq marked this pull request as ready for review February 3, 2026 23:08
@lucylq lucylq requested a review from digantdesai as a code owner February 3, 2026 23:08
Copilot AI review requested due to automatic review settings February 3, 2026 23:08
Copilot AI reviewed Feb 3, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes an infinite loop in XNNExecutor::resize_outputs when converting XNNPACK argmax indices from int32 to int64, and adds a regression test to cover the conversion path.

Changes:

  • Use a signed loop index (ssize_t) when iterating backwards over numel() in XNNExecutor::resize_outputs.
  • Add an XNNPACK runtime test that exercises argmax-pooling index output conversion to int64 (and would previously hang due to the infinite loop).

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
backends/xnnpack/runtime/XNNExecutor.cpp Fixes the backwards loop in int32→int64 index conversion to avoid unsigned underflow/infinite looping.
backends/xnnpack/test/runtime/test_xnnexecutor.cpp Adds a regression test validating argmax index conversion into a Long tensor.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread backends/xnnpack/test/runtime/test_xnnexecutor.cpp Outdated
GregoryComer
GregoryComer reviewed Feb 3, 2026
View reviewed changes
Comment thread backends/xnnpack/runtime/XNNExecutor.cpp
if (out_tensor->scalar_type() == ScalarType::Long) {
int64_t* data_64 = out_tensor->mutable_data_ptr<int64_t>();
const int32_t* data_32 = out_tensor->const_data_ptr<int32_t>();
for (size_t j = out_tensor->numel() - 1; j >= 0; --j) {

@GregoryComer GregoryComer Feb 3, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wow, I'm surprised this has wasn't caught before.

@lucylq lucylq merged commit 8e99f3b into main Feb 4, 2026
178 of 181 checks passed
@lucylq lucylq deleted the lfq.security-14 branch February 4, 2026 02:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@GregoryComer GregoryComer GregoryComer approved these changes

@digantdesai digantdesai Awaiting requested review from digantdesai digantdesai is a code owner

Assignees

No one assigned

Labels

CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed. security-fix

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@lucylq @GregoryComer