Fixing dump model ops feature on Windows for MGX EP #26395
Conversation
|
Thanks. |
|
I added changes for this. I added check if file is open, if it's not successfully opened then we can throw an error, otherwise print a log. In this way check for closing is not necessary, it will be closed in the ofstream destructor after leaving the block. |
|
This PR looks good and fixes the issue on Windows. From a security perspective, there's a potential path traversal vulnerability here. The filenames for the dumped models are created from the graph/node names in the ONNX model without sanitization. An attacker could craft a model with a name like This feature is for debugging, so the risk is lower, but it's still a potential issue if used in a shared environment. I'd recommend sanitizing the names before using them as filenames. A simple sanitization function could be something like this: #include <string>
#include <string_view>
std::string SanitizeFileName(std::string_view name) {
std::string newName(name);
for (char& c : newName) {
switch (c) {
case '\\':
case '/':
case '\"':
case '|':
case '<':
case '>':
case ':':
case '?':
case '*':
c = '_';
break;
}
}
return newName;
}
// ... usage ...
std::string model_name = SanitizeFileName(graph_viewer.Name()) + ".onnx";I've noticed that other parts of onnxruntime that write files might also not have strong path traversal prevention, so this might be a broader issue. Given that, I'll leave it to you to decide if this is something you want to address in this PR or if it should be handled separately as a larger effort to improve security across the project. Other than this security consideration, the PR looks good to me. |
| if (dump_model_ops_) { | ||
| std::string onnx_name = fused_node.Name() + ".onnx"; | ||
| std::ofstream ofs(onnx_name); | ||
| std::ofstream ofs(onnx_name, std::ios::binary); |
There was a problem hiding this comment.
There seems to be a small typo here. The variable should probably be onnx_name instead of model_name to match the variable defined a few lines above.
| std::ofstream ofs(onnx_name, std::ios::binary); | ||
| if (!ofs.is_open()) { | ||
| ORT_THROW("Failed to open file to dump ONNX model: " + model_name); | ||
| } |
There was a problem hiding this comment.
Similar to the ORT_THROW above, this should likely use onnx_name to log the correct filename.
| std::ofstream ofs(onnx_name); | ||
| std::ofstream ofs(onnx_name, std::ios::binary); | ||
| if (!ofs.is_open()) { | ||
| ORT_THROW("Failed to open file to dump ONNX model: " + model_name); |
There was a problem hiding this comment.
This is a good fix. For even more robust error handling, you might consider checking the stream's state after closing the file (e.g., if (!ofs)). This would catch potential errors during the final flush to disk, which could result in a corrupt or incomplete file. However, I see that not checking the return of close() is a common pattern in this codebase, so this is more of a suggestion for hardening the code rather than a required change for this PR.
2 participants
Fixing dump model ops feature for MIGraphX EP on Windows. The feature wasn't functional because of saving format rules on Windows which are opposite from Linux.
Current state of the feature gives us opportunity to generate and save onnx model after subgraph optimizations before compiling it. On this way we can look how model graph looks like after optimizations and we can use the optimized model.