Skip to content

[UR][CUDA][HIP] Fix heap buffer overflow in kernel argument updates#21392

Draft
kekaczma wants to merge 1 commit intosyclfrom
ur-kernel-args-heap-overflow
Draft

[UR][CUDA][HIP] Fix heap buffer overflow in kernel argument updates#21392
kekaczma wants to merge 1 commit intosyclfrom
ur-kernel-args-heap-overflow

Conversation

@kekaczma
Copy link
Contributor

@kekaczma kekaczma commented Feb 27, 2026

Security: Prevent heap buffer overflow when updating kernel arguments with mismatched sizes.

The original code used assert() to validate size consistency, which is compiled out in release builds (-DNDEBUG). An attacker could exploit this by setting a small argument initially (passing bounds check) then updating with a larger size (bypassing check), causing heap overflow.

Changes:

  • Replace debug-only assert() with runtime validation
  • Throw UR_RESULT_ERROR_INVALID_ARGUMENT on size mismatch
  • Affects urKernelSetArgValue() API in CUDA and HIP adapters

@kekaczma
[UR][CUDA/HIP] Fix heap buffer overflow in kernel argument updates
a4d26fb 
Security: Prevent heap buffer overflow when updating kernel arguments
with mismatched sizes.

The original code used assert() to validate size consistency, which is
compiled out in release builds (-DNDEBUG). An attacker could exploit
this by setting a small argument initially (passing bounds check) then
updating with a larger size (bypassing check), causing heap overflow.

Changes:
- Replace debug-only assert() with runtime validation
- Throw UR_RESULT_ERROR_INVALID_ARGUMENT on size mismatch
- Affects urKernelSetArgValue() API in CUDA and HIP adapters
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kekaczma