Validate buffer in tflite::FlatBufferModel::BuildFromBuffer.

PiperOrigin-RevId: 225400229

Validate buffer in tflite::FlatBufferModel::BuildFromBuffer.
PiperOrigin-RevId: 225400229
4b83eaab · Mihai Maruseac · TensorFlower Gardener · f1784d91 · 4b83eaab · 4b83eaab
隐藏空白更改
内联并排

Showing with 36 addition and 0 deletion

tensorflow/lite/model.cc tensorflow/lite/model.cc +18 -0

tensorflow/lite/model.h tensorflow/lite/model.h +18 -0

未找到文件。
--- a/tensorflow/lite/model.cc
+++ b/tensorflow/lite/model.cc
@@ -121,6 +121,24 @@ std::unique_ptr<FlatBufferModel> FlatBufferModel::BuildFromBuffer(
  return model;
 }

+std::unique_ptr<FlatBufferModel> FlatBufferModel::VerifyAndBuildFromBuffer(
+    const char* buffer, size_t buffer_size, TfLiteVerifier* verifier,
+    ErrorReporter* error_reporter) {
+  error_reporter = ValidateErrorReporter(error_reporter);
+
+  flatbuffers::Verifier base_verifier(reinterpret_cast<const uint8_t*>(buffer),
+                                      buffer_size);
+  if (!VerifyModelBuffer(base_verifier)) {
+    return nullptr;
+  }
+
+  if (verifier && !verifier->Verify(buffer, buffer_size, error_reporter)) {
+    return nullptr;
+  }
+
+  return BuildFromBuffer(buffer, buffer_size, error_reporter);
+}
+
 std::unique_ptr<FlatBufferModel> FlatBufferModel::BuildFromModel(
    const tflite::Model* model_spec, ErrorReporter* error_reporter) {
  error_reporter = ValidateErrorReporter(error_reporter);

--- a/tensorflow/lite/model.h
+++ b/tensorflow/lite/model.h
@@ -80,10 +80,28 @@ class FlatBufferModel {
  // is destroyed. Caller retains ownership of `error_reporter` and must ensure
  // its lifetime is longer than the FlatBufferModel instance.
  // Returns a nullptr in case of failure.
+  // NOTE: this does NOT validate the buffer so it should NOT be called on
+  // invalid/untrusted input. Use VerifyAndBuildFromBuffer in that case
  static std::unique_ptr<FlatBufferModel> BuildFromBuffer(
      const char* buffer, size_t buffer_size,
      ErrorReporter* error_reporter = DefaultErrorReporter());

+  // Verifies whether the content of the buffer is legit, then builds a model
+  // based on the pre-loaded flatbuffer.
+  // The verifier argument is an additional optional verifier for the buffer. By
+  // default, we always check with tflite::VerifyModelBuffer. If verifier is
+  // supplied, the buffer is checked against the verifier after the check
+  // against tflite::VerifyModelBuilder.
+  // The caller retains ownership of the buffer and should keep it alive until
+  // the returned object is destroyed. Caller retains ownership of
+  // `error_reporter` and must ensure its lifetime is longer than the
+  // FlatBufferModel instance.
+  // Returns a nullptr in case of failure.
+  static std::unique_ptr<FlatBufferModel> VerifyAndBuildFromBuffer(
+      const char* buffer, size_t buffer_size,
+      TfLiteVerifier* verifier = nullptr,
+      ErrorReporter* error_reporter = DefaultErrorReporter());
+
  // Builds a model directly from a flatbuffer pointer. The caller retains
  // ownership of the buffer and should keep it alive until the returned object
  // is destroyed. Caller retains ownership of `error_reporter` and must ensure