fix: Resolve integer overflow in Load API file decoding #7787

Merged
merged 7 commits into from
Nov 22, 2024


pskiran1
Member

@pskiran1 pskiran1 commented Nov 13, 2024

What does the PR do?

This PR addresses the following issue:

  • When large data is sent to /v2/repository/models/<model_name>/load, the server converts the param_len variable from size_t to const int to pass it to base64_decode_block. This conversion can cause an integer overflow in base64_decode_block, leading to a server crash with a segmentation fault.
  • A similar issue occurs with /v2/cudasharedmemory/region/{}/register when large data is sent for the raw_handle parameter.

Checklist

  • PR title reflects the change and is of format <commit_type>: <Title>
  • Changes are described in the pull request.
  • Related issues are referenced.
  • Populated github labels field
  • Added test plan and verified test passes.
  • Verified that the PR passes existing CI.
  • Verified copyright is correct on all changed files.
  • Added succinct git squash message before merging ref.
  • All template sections are filled out.
  • Optional: Additional screenshots for behavior/output changes with before/after.

Commit Type:

Check the conventional commit type box here and add the label to the github PR.

  • build
  • ci
  • docs
  • feat
  • fix
  • perf
  • refactor
  • revert
  • style
  • test

Related PRs:

Where should the reviewer start?

Test plan:

  • CI Pipeline ID: 20358255

Caveats:

Background

Related Issues: (use one of the action keywords Closes / Fixes / Resolves / Relates to)

  • closes GitHub issue: #xxx

@pskiran1 pskiran1 added the PR: fix A bug fix label Nov 13, 2024
@pskiran1 pskiran1 changed the title from "fix: Load API file decode overflow" to "fix: Resolve integer overflow in Load API file decoding" Nov 13, 2024
@pskiran1 pskiran1 marked this pull request as ready for review November 13, 2024 16:55
@pskiran1 pskiran1 requested a review from GuanLuo November 14, 2024 07:17
@statiraju statiraju requested a review from rmccorm4 November 18, 2024 19:10
src/http_server.cc Outdated
@pskiran1 pskiran1 requested a review from tanmayv25 November 20, 2024 19:38
@pskiran1 pskiran1 merged commit 1bc36c3 into main Nov 22, 2024
3 checks passed
@pskiran1 pskiran1 deleted the spolisetty_http_load_api_fix branch November 22, 2024 04:46
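
The failure mode described in the PR (a `size_t` length narrowed to `const int` before it reaches the base64 decoder) and one way to guard against it, as an added example that is not taken from this PR's patch or from the project's code. `decode_block_int`, `narrowed_len` and `safe_decode` are hypothetical names; the decoder is a minimal stand-in that only mirrors the `const int` length parameter.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in decoder: like the base64_decode_block call named in
 * the PR, it takes the input length as `const int`. Returns bytes written. */
static int decode_block_int(const char *in, const int len, unsigned char *out) {
    unsigned acc = 0; int bits = 0, n = 0;
    for (int i = 0; i < len; i++) {
        int c = in[i], v;
        if (c >= 'A' && c <= 'Z') v = c - 'A';
        else if (c >= 'a' && c <= 'z') v = c - 'a' + 26;
        else if (c >= '0' && c <= '9') v = c - '0' + 52;
        else if (c == '+') v = 62;
        else if (c == '/') v = 63;
        else continue;                      /* skip '=' padding and other bytes */
        acc = (acc << 6) | (unsigned)v; bits += 6;
        if (bits >= 8) { bits -= 8; out[n++] = (unsigned char)(acc >> bits); }
    }
    return n;
}

/* What an unchecked caller effectively passes: size_t narrowed to int.
 * Out-of-range results are implementation-defined (wraps on GCC and Clang). */
static int narrowed_len(size_t len) { return (int)len; }

/* Guarded wrapper: reject lengths that do not fit in int, and outputs that
 * cannot fit the buffer, before the decoder ever sees the length. */
static int safe_decode(const char *in, size_t in_len,
                       unsigned char *out, size_t out_cap, size_t *out_len) {
    if (in == NULL || out == NULL || out_len == NULL) return -1;
    if (in_len > (size_t)INT_MAX) return -1;        /* would not survive the cast */
    if (out_cap < (in_len / 4 + 1) * 3) return -1;  /* upper bound on decoded size */
    *out_len = (size_t)decode_block_int(in, (int)in_len, out);
    return 0;
}

int main(void) {
    unsigned char buf[8]; size_t n = 0;
    /* Constructed sample input: "QUJD" is base64 for "ABC". */
    int rc = safe_decode("QUJD", 4, buf, sizeof buf, &n);
    printf("normal request: rc=%d decoded=%zu bytes\n", rc, n);
    /* Claimed length one past INT_MAX: rejected before any byte is read. */
    rc = safe_decode("QUJD", (size_t)INT_MAX + 1, buf, sizeof buf, &n);
    printf("oversized request: rc=%d (unchecked cast would pass %d)\n",
           rc, narrowed_len((size_t)INT_MAX + 1));
    return 0;
}
```
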