Fix String Vector OOB Vulnerability

[sayanshaw24]

Fix heap OOB write in VectorToStringImpl::ParseValues and StringToVectorImpl::ParseValues

Summary

Adds a bounds check to ParseValues in both VectorToStringImpl and StringToVectorImpl to prevent a heap buffer overflow write when a crafted ONNX model supplies a map attribute with inconsistent line widths.

Problem

ParseMappingTable derives vector_len_ from the first line of the map attribute and allocates a fixed-size std::vector<int64_t> values(vector_len_). It then calls ParseValues for every subsequent line using the same buffer. ParseValues iterates based on the current line's token count (value_strs.size()) and writes to values[i] without checking whether i is within bounds.

An attacker-authored model with a short first line and a longer later line triggers a linear heap OOB write of attacker-chosen int64_t values at session-creation time.

Fix

Added a size check at the top of ParseValues in both files:

if (value_strs.size() != values.size()) {
  ORTX_CXX_API_THROW(
      MakeString("All map lines must have ", values.size(), " value columns; got ", value_strs.size()),
      ORT_INVALID_ARGUMENT);
}

This enforces the invariant that every line in the map must have the same number of value columns as the first line, and throws before any write occurs if violated.

Files changed

• operators/text/vector_to_string.cc — bounds check in ParseValues
• operators/text/string_to_vector.cc — bounds check in ParseValues (copy-paste sibling)
• test/static_test/test_vector_string_parse.cc — new unit tests

Testing

6 new tests added to the ocos_test target covering both operators:

• Rejects map with more columns on a later line (the OOB trigger case)
• Rejects map with fewer columns on a later line
• Accepts map with consistent column widths

All 60 tests in ocos_test pass.

[Copilot]

Pull request overview

This pull request hardens the TF-String text operators’ mapping-table parsing to prevent a heap out-of-bounds write when the map attribute contains inconsistent value-column widths across lines.

Changes:

• Added a strict column-count equality check in VectorToStringImpl::ParseValues to prevent writes past the preallocated values buffer.
• Added the same check in StringToVectorImpl::ParseValues for the sibling operator.
• Added new static unit tests validating rejection of inconsistent column widths and acceptance of consistent mappings.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File	Description
operators/text/vector_to_string.cc	Adds a guard to reject mapping lines whose token count differs from the expected vector length, preventing OOB writes.
operators/text/string_to_vector.cc	Mirrors the same guard in the reverse mapping operator for consistent safety behavior.
test/static_test/test_vector_string_parse.cc	Adds regression tests for inconsistent/consistent mapping table line widths for both operators.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.