Use safe_numel() in et#19075
Merged
meta-codesync[bot] merged 6 commits intogh/lucylq/155/basefrom Apr 25, 2026
Merged
Conversation
The wasm bindings' assert_valid_numel() helper previously computed numel without overflow detection, letting a malicious tensor shape wrap to a small value that bypassed the data-size check. Replace with safe_numel() (returns Result<ssize_t>) and propagate the error via THROW_IF_ERROR as a JavaScript exception, matching the rest of the wasm error plumbing. Authored with Claude. Differential Revision: [D102082911](https://our.internmc.facebook.com/intern/diff/D102082911/) [ghstack-poisoned]
🔗 Helpful Links🧪 See artifacts and rendered test results at hud.pytorch.org/pr/pytorch/executorch/19075
Note: Links to docs will display an error until the docs builds have been completed. ❗ 1 Active SEVsThere are 1 currently active SEVs. If your PR is affected, please view them below: ❌ 1 Cancelled Job, 1 Pending, 4 Unrelated FailuresAs of commit 75530a3 with merge base eef7921 ( CANCELLED JOB - The following job was cancelled. Please retry:
FLAKY - The following jobs failed but were likely due to flakiness present on trunk:
BROKEN TRUNK - The following jobs failed but were present on the merge base:👉 Rebase onto the `viable/strict` branch to avoid these failures
This comment was automatically generated by Dr. CI and updates every 15 minutes. |
This was referenced Apr 23, 2026
Merged
meta-cla
Bot
added
the
CLA Signed
This PR needs a
|
The wasm bindings' assert_valid_numel() helper previously computed numel without overflow detection, letting a malicious tensor shape wrap to a small value that bypassed the data-size check. Replace with safe_numel() (returns Result<ssize_t>) and propagate the error via THROW_IF_ERROR as a JavaScript exception, matching the rest of the wasm error plumbing. Authored with Claude. Differential Revision: [D102082911](https://our.internmc.facebook.com/intern/diff/D102082911/) [ghstack-poisoned]
lucylq
pushed a commit
that referenced
this pull request
Apr 24, 2026
Pull Request resolved: #19075 Replace compute_numel() with safe_numel() Authored with Claude. ghstack-source-id: 371824079 @exported-using-ghexport Differential Revision: [D102082911](https://our.internmc.facebook.com/intern/diff/D102082911/)
The wasm bindings' assert_valid_numel() helper previously computed numel without overflow detection, letting a malicious tensor shape wrap to a small value that bypassed the data-size check. Replace with safe_numel() (returns Result<ssize_t>) and propagate the error via THROW_IF_ERROR as a JavaScript exception, matching the rest of the wasm error plumbing. Authored with Claude. Differential Revision: [D102082911](https://our.internmc.facebook.com/intern/diff/D102082911/) [ghstack-poisoned]
lucylq
pushed a commit
that referenced
this pull request
Apr 24, 2026
Pull Request resolved: #19075 Replace compute_numel() with safe_numel() Authored with Claude. ghstack-source-id: 372480318 @exported-using-ghexport Differential Revision: [D102082911](https://our.internmc.facebook.com/intern/diff/D102082911/)
JacobSzwejbka
approved these changes
Apr 24, 2026
The wasm bindings' assert_valid_numel() helper previously computed numel without overflow detection, letting a malicious tensor shape wrap to a small value that bypassed the data-size check. Replace with safe_numel() (returns Result<ssize_t>) and propagate the error via THROW_IF_ERROR as a JavaScript exception, matching the rest of the wasm error plumbing. Authored with Claude. Differential Revision: [D102082911](https://our.internmc.facebook.com/intern/diff/D102082911/) [ghstack-poisoned]
lucylq
pushed a commit
that referenced
this pull request
Apr 24, 2026
Pull Request resolved: #19075 Replace compute_numel() with safe_numel() Authored with Claude. ghstack-source-id: 372584817 @exported-using-ghexport Differential Revision: [D102082911](https://our.internmc.facebook.com/intern/diff/D102082911/)
The wasm bindings' assert_valid_numel() helper previously computed numel without overflow detection, letting a malicious tensor shape wrap to a small value that bypassed the data-size check. Replace with safe_numel() (returns Result<ssize_t>) and propagate the error via THROW_IF_ERROR as a JavaScript exception, matching the rest of the wasm error plumbing. Authored with Claude. Differential Revision: [D102082911](https://our.internmc.facebook.com/intern/diff/D102082911/) [ghstack-poisoned]
lucylq
pushed a commit
that referenced
this pull request
Apr 24, 2026
Pull Request resolved: #19075 Replace compute_numel() with safe_numel() Authored with Claude. ghstack-source-id: 372584817 @exported-using-ghexport Differential Revision: [D102082911](https://our.internmc.facebook.com/intern/diff/D102082911/)
The wasm bindings' assert_valid_numel() helper previously computed numel without overflow detection, letting a malicious tensor shape wrap to a small value that bypassed the data-size check. Replace with safe_numel() (returns Result<ssize_t>) and propagate the error via THROW_IF_ERROR as a JavaScript exception, matching the rest of the wasm error plumbing. Authored with Claude. Differential Revision: [D102082911](https://our.internmc.facebook.com/intern/diff/D102082911/) [ghstack-poisoned]
lucylq
pushed a commit
that referenced
this pull request
Apr 24, 2026
Pull Request resolved: #19075 Replace compute_numel() with safe_numel() Authored with Claude. ghstack-source-id: 372649703 @exported-using-ghexport Differential Revision: [D102082911](https://our.internmc.facebook.com/intern/diff/D102082911/)
meta-codesync
Bot
merged commit b84894f
into
gh/lucylq/155/base
167 of 173 checks passed
lucylq
added a commit
that referenced
this pull request
Apr 25, 2026
Differential Revision: D102082911 Pull Request resolved: #19075
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Stack from ghstack (oldest at bottom):
The wasm bindings' assert_valid_numel() helper previously computed numel without overflow detection, letting a malicious tensor shape wrap to a small value that bypassed the data-size check. Replace with safe_numel() (returns Result<ssize_t>) and propagate the error via THROW_IF_ERROR as a JavaScript exception, matching the rest of the wasm error plumbing.
Authored with Claude.
Differential Revision: D102082911