- 22 9月, 2020 5 次提交
-
-
由 Mihai Maruseac 提交于
Update version numbers for TensorFlow 1.15.4
-
-
由 Mihai Maruseac 提交于
Update release notes for TensorFlow 1.15.4
-
由 Mihai Maruseac 提交于
-
-
- 21 9月, 2020 18 次提交
-
-
由 Mihai Maruseac 提交于
Fix broken tests after cherrypicks
-
由 Mihai Maruseac 提交于
-
由 Mihai Maruseac 提交于
-
由 Mihai Maruseac 提交于
Remove import that is not needed
-
由 Mihai Maruseac 提交于
-
由 Mihai Maruseac 提交于
Fix import path
-
由 Mihai Maruseac 提交于
-
由 Mihai Maruseac 提交于
Cast away a const in intermediate API
-
由 Mihai Maruseac 提交于
-
由 Mihai Maruseac 提交于
Fix typo in macro
-
由 Mihai Maruseac 提交于
-
由 Mihai Maruseac 提交于
Fix import path
-
由 Mihai Maruseac 提交于
-
由 Mihai Maruseac 提交于
Solve leftover from merge conflict
-
由 Mihai Maruseac 提交于
-
由 Mihai Maruseac 提交于
Patch for TF 1.15.4
-
由 Mihai Maruseac 提交于
PiperOrigin-RevId: 332578058 Change-Id: I9727571d2f21476b10d8aa27c1b7176564b76ac9
-
由 Mihai Maruseac 提交于
Also add tests as they were lacking PiperOrigin-RevId: 332566071 Change-Id: I44277578e26ff5fb3fdb0dcbba6e91b2ec3e7859
-
- 20 9月, 2020 12 次提交
-
-
由 Mihai Maruseac 提交于
The `tensorflow::Shard` functions last argument must be a 2 argument function where both arguments are `int64` (`long long`, 64 bits). However, there are usages where code passes in a function where arguments are `int` or `int32` (32 bits). In these cases, it is possible that the integer truncation would later cause a segfault or other unexpected behavior. PiperOrigin-RevId: 332560414 Change-Id: Ief649406babc8d4f60b3e7a9d573cbcc5ce5b767
-
由 Mihai Maruseac 提交于
The function argument in `Shard` must be a function of two `int64` arguments. However, we are passing in a function with two `int` arguments. Thus, for large workloads, these arguments get truncated from positive `int64` values to negative `int` ones, resulting in a buffer out of bounds write. PiperOrigin-RevId: 332557334 Change-Id: I236c9a2e7f53580e520571da8ba941a3aa9fa0b5
-
由 Mihai Maruseac 提交于
The `printf` format specifier only allows `#`, `0`, `-`, `+` and space as flag characters. Others are interpreted as width/precision/length modifier or conversion specifiers. If a character does not fit into any of these sets `printf` just displays it. Also add a test suite for `tf.strings.as_string`. Also fix the issue where the flag character was used only if width was specified. PiperOrigin-RevId: 332553548 Change-Id: Ie57cf2a7c14d1a36097642794c14329db669bbba
-
由 Mihai Maruseac 提交于
In eager mode, session state is null. PiperOrigin-RevId: 332548597 Change-Id: If094812c2e094044220b9ba28f7d7601be042f38
-
由 Mihai Maruseac 提交于
Without validation, we can cause a heap buffer overflow which results in data leakage and/or segfaults. PiperOrigin-RevId: 332543478 Change-Id: Iee5bda24497a195d09d122355502480830b1b317
-
由 Mihai Maruseac 提交于
-
由 Mihai Maruseac 提交于
We already validated `NodeDef`s from a `GraphDef` but missed validating those from the `FunctionDefLibrary`. Thus, some maliciously crafted models could evade detection and cause denial of service due to a `CHECK`-fail. PiperOrigin-RevId: 332536309 Change-Id: I052efe919ff1fe2f90815e286a1aa4c54c7b94ff
-
由 Mihai Maruseac 提交于
Also reorder fuzz generated test cases following f760f88b PiperOrigin-RevId: 308339007 Change-Id: I11d825203964cf3397846c57fd4a6f458e8536f3
-
由 Mihai Maruseac 提交于
PiperOrigin-RevId: 308283636 Change-Id: Ib10849425de7d541d8dacfe4d0c709fbac9180b6
-
由 Mihai Maruseac 提交于
In Python, a list `l` of length `n` allows indexing with negative indices, `l[i]`. The only constraint is that `n + i` becomes positive. Code in `ResolveAxis` assumes the constraints and only checks it using a `DCHECK`. But the macro is a no-op in non-debug builds and that can result in reading from negative offsets (buffer underflows). PiperOrigin-RevId: 332530683 Change-Id: I464e073fee618054ae3719a3679739007bb3f3bc
-
由 Mihai Maruseac 提交于
We check in `MatchingDim` that both arguments have the same dimensionality, however that is a `DCHECK` only enabled if building in debug mode. Hence, it could be possible to cause buffer overflows by passing in a tensor with larger dimensions as the second argument. To fix, we now make `MatchingDim` return the minimum of the two sizes. A much better fix would be to return a status object but that requires refactoring a large part of the codebase for minor benefits. PiperOrigin-RevId: 332526127 Change-Id: If627d0d2c80a685217b6e0d1e64b0872dbf1c5e4
-
由 Mihai Maruseac 提交于
A crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. That is, by carefully changing the buffer index in the flatbuffer serialization, we can force the TFLite interpreter to consider a read-only tensor to be a read-write one and assume that there is an operator that has this tensor as output, writing to it and allocating memory before the tensor is used as input. If this does not happen, we get memory corruption. PiperOrigin-RevId: 332524692 Change-Id: I57ef175152a29020af9ab041dc959e5631dce40f
-
- 19 9月, 2020 5 次提交
-
-
由 Mihai Maruseac 提交于
If a model uses the same tensor for both an input and an output then this can result in data loss and memory corruption. This should not happen. PiperOrigin-RevId: 332522916 Change-Id: If0905b142415a9dfceaf2d181872f2a8fb88f48a
-
由 Mihai Maruseac 提交于
With the previous change, there is no more need for two separate APIs. We would deprecate `GetOptionalInputTensor` in the future. PiperOrigin-RevId: 332513386 Change-Id: Id7110271c25ebd6126ad8c82a493e37e0e0756b3
-
由 Mihai Maruseac 提交于
`GetInput`, `GetVariableInput` and `GetOutput` all fail to check for the case where `node->inputs->data[index]` is the special `kTfLiteOptionalTensor` value (-1) which then causes `context->tensors[node->inputs->data[index]]` to read from invalid memory location. This fix makes `GetInput` and related return `nullptr` in those cases, asking the caller to check for `nullptr`. This is better than having `GetOptionalInputTensor` and `GetOptionalOutputTensor` (does not exist but could be added) as using the patched `GetInput` in error would be caught by a sanitizer test in the default optimized build (due to the `-fsanitize=null` option). PiperOrigin-RevId: 332512190 Change-Id: Iabca54da2f2de02b6ece3c38b54f76d4277d689e
-
由 Mihai Maruseac 提交于
Buffers in the model are allocated globally, hence it makes sense to check for their presence only once (O(1)) instead of on every subgraph (O(n)). PiperOrigin-RevId: 323677724 Change-Id: I2da0c381093006828cc4c80f03dec8a917782861
-
由 Mihai Maruseac 提交于
Cherry-pick sqlite version bump
-