YAML Metadata Warning:empty or missing yaml metadata in repo card
Check out the documentation for more information.
TensorRT / onnx-tensorrt PoC: Loop body input OOB (crash)
This repo contains a small malformed ONNX model that triggers a deterministic crash in onnx-tensorrt's Loop importer.
Summary
The ONNX Loop operator has a body subgraph.
onnx-tensorrt assumes that the number of inputs in the loop body subgraph is at least the number of inputs on the outer Loop node.
If a malicious ONNX model provides a Loop node with 3 inputs (trip-count, condition, state0) but the body graph contains only 2 inputs, the parser indexes body.input(2) out-of-bounds while mapping state variables.
Files
poc_loop_body_input_oob.onnxโ malformed ONNX modelmake_poc_loop_body_input_oob.pyโ generator script (does not require theonnxpip package)gen/onnx_pb2.pyโ protobuf bindings generated fromonnx.proto
Reproduction (typical TensorRT install)
Using trtexec
trtexec --onnx=poc_loop_body_input_oob.onnx --verbose
Expected result: process crash / abort during ONNX parse or network build.
Using the C++ API
Any code path that calls the TensorRT ONNX parser on this model should reproduce, e.g. nvonnxparser::IParser::parseFromFile().
Regenerating the model
# Requires: python3 + protobuf runtime, and a generated onnx_pb2 (already included in gen/)
python3 make_poc_loop_body_input_oob.py poc_loop_body_input_oob.onnx