Fix out_of_bounds_read in getConstantDataPtr (XNNCompiler.cpp) (T267371218)

[psiddh]

Reviewed By: psiddh

Differential Revision: D104380965

[pytorch-bot]

🔗 Helpful Links

🧪 See artifacts and rendered test results at hud.pytorch.org/pr/pytorch/executorch/19595

• 📄 Preview Python docs built from this PR

Note: Links to docs will display an error until the docs builds have been completed.

❗ 1 Active SEVs

There are 1 currently active SEVs. If your PR is affected, please view them below:

• Run pull request jobs on OSDC runners in shadow mode

❌ 3 New Failures, 3 Unrelated Failures

As of commit 3217833 with merge base 12c1195 ():

NEW FAILURES - The following jobs have failed:

• pull / unittest-buck / macos / macos-job (gh)
  Can't find 'action.yml', 'action.yaml' or 'Dockerfile' under '/Users/ec2-user/runner/_work/executorch/executorch/test-infra/.github/actions/check-disk-space'. Did you forget to run actions/checkout before running your local action?
• Test CoreML Backend / test-coreml / test-backend-macos (coreml, models) / macos-job (gh)
  Can't find 'action.yml', 'action.yaml' or 'Dockerfile' under '/Users/ec2-user/runner/_work/executorch/executorch/test-infra/.github/actions/check-disk-space'. Did you forget to run actions/checkout before running your local action?
• Test CoreML Backend / test-coreml / test-backend-macos (coreml, operators) / macos-job (gh)
  Can't find 'action.yml', 'action.yaml' or 'Dockerfile' under '/Users/ec2-user/runner/_work/executorch/executorch/test-infra/.github/actions/check-disk-space'. Did you forget to run actions/checkout before running your local action?

FLAKY - The following jobs failed but were likely due to flakiness present on trunk:

• pull / test-coreml-bc-macos (macos-m1-stable) / macos-job (gh) (detected as infra flaky with no log or failing log classifier)
• pull / unittest / macos / macos-job (gh) (detected as infra flaky with no log or failing log classifier)
• pull / unittest-editable / macos / macos-job (gh) (detected as infra flaky with no log or failing log classifier)

This comment was automatically generated by Dr. CI and updates every 15 minutes.

[github-actions]

This PR needs a release notes: label

If your change should be included in the release notes (i.e. would users of this library care about this change?), please use a label starting with release notes:. This helps us keep track and include your important work in the next release notes.

To add a label, you can comment to pytorchbot, for example
@pytorchbot label "release notes: none"

For more information, see
https://github.com/pytorch/pytorch/wiki/PyTorch-AutoLabel-Bot#why-categorize-for-release-notes-and-how-does-it-work.

[Copilot]

Pull request overview

This PR hardens XNNPACK constant-weight loading by adding explicit bounds checking when resolving constant data offsets, preventing out-of-bounds reads when deserializing models that use the external constant-data region (via XNNHeader).

Changes:

• Pass constant_data_size through the compilation pipeline so constant data lookups can be validated.
• Add an out-of-bounds guard for {offset, size} entries before returning constant_data_ptr + offset.
• Include <cinttypes> to safely format uint64_t values in error messages.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.