Hi,
I found some possible null pointer dereferences with Svace static analyzer.
- Possible dereference of NULL
cache_provider in xnn_create_weights_cache_with_size():
|
error: |
|
xnn_internal_release_weights_cache(cache_provider->context); |
|
return status; |
|
} |
Bailing out occured with uninitialized cache_provider:
|
struct xnn_weights_cache_provider* cache_provider = NULL; |
|
enum xnn_status status = xnn_status_uninitialized; |
|
|
|
if ((xnn_params.init_flags & XNN_INIT_FLAG_XNNPACK) == 0) { |
|
xnn_log_error("failed to create weights cache: XNNPACK is not initialized"); |
|
goto error; |
|
} |
|
|
|
cache_provider = xnn_allocate_zero_memory(sizeof(struct xnn_weights_cache_provider)); |
|
if (cache_provider == NULL) { |
|
xnn_log_error("failed to allocate %zu bytes for weights cache provider descriptor", sizeof(struct xnn_weights_cache_provider)); |
|
goto error; |
|
} |
- Possible dereference of NULL
resize_op in create_resize_bilinear2d_nhwc() during error logging:
|
xnn_operator_t resize_op = NULL; |
|
enum xnn_status status = xnn_status_uninitialized; |
|
|
|
if ((xnn_params.init_flags & XNN_INIT_FLAG_XNNPACK) == 0) { |
|
xnn_log_error("failed to create %s operator: XNNPACK is not initialized", |
|
xnn_operator_type_to_string(operator_type)); |
|
goto error; |
|
} |
|
|
|
status = xnn_status_invalid_parameter; |
|
|
|
if (output_width == 0 || output_height == 0) { |
|
xnn_log_error( |
|
"failed to reshape %s operator with %zux%zu output: output dimensions must be non-zero", |
|
xnn_operator_type_to_string(resize_op->type), output_width, output_height); |
|
return xnn_status_invalid_parameter; |
|
} |
|
|
|
if (max(output_width, output_height) >= 16777216) { |
|
xnn_log_error( |
|
"failed to reshape %s operator with %zux%zu output: output dimensions must be below 2**24", |
|
xnn_operator_type_to_string(resize_op->type), output_width, output_height); |
|
return xnn_status_unsupported_parameter; |
|
} |
|
|