Re-land cve security fix (#16103)

lucylq · web-flow · commit 42e32227bd4d · 2025-12-05T14:10:58.000-08:00
Summary: Was reverted by D78689027

Differential Revision: D88502561
diff --git a/runtime/core/hierarchical_allocator.h b/runtime/core/hierarchical_allocator.h
@@ -57,6 +57,14 @@ class HierarchicalAllocator final {
       uint32_t memory_id,
       size_t offset_bytes,
       size_t size_bytes) {
+    // Check for integer overflow in offset_bytes + size_bytes.
+    ET_CHECK_OR_RETURN_ERROR(
+        size_bytes <= SIZE_MAX - offset_bytes,
+        InvalidArgument,
+        "Integer overflow in offset_bytes (%" ET_PRIsize_t
+        ") + size_bytes (%" ET_PRIsize_t ")",
+        offset_bytes,
+        size_bytes);
     ET_CHECK_OR_RETURN_ERROR(
         memory_id < buffers_.size(),
         InvalidArgument,
