bl4cksku11 opened a new issue, #19585: URL: https://github.com/apache/tvm/issues/19585
### Component

RPC / Tracker

### Description

`TCPEventHandler.on_message` in `python/tvm/rpc/tracker.py` reads `_msg_size` from the wire as a signed int32 with no upper bound, then appends every subsequent socket read to `self._data` until `len(self._data) >= self._msg_size + 4`. A single TCP connection sending a 4-byte size header of `0x7FFFFFFF` followed by a stream of bytes grows the buffer until the tracker process OOMs.

A second variant: if the wire size decodes to 0, the inner `if self._msg_size == 0` branch peeks at `_data[:4]` but never consumes those bytes; subsequent appends grow `_data` indefinitely.

This is a robustness defect, not a security vulnerability: the TVM security model (https://tvm.apache.org/docs/reference/security.html) states the RPC subsystem is to be deployed only on trusted networks and grants full RCE to any reachable client by design. Filing per Apache security team guidance (private security@ thread, 2026-05-17) as a regular issue rather than an advisory.

### Reproduction

Reproduced on commit 4b93f20 (v0.25.dev0). Server RSS climbs 1:1 with bytes sent over a single connection after the magic handshake.

### Proposed fix

Add `MAX_TRACKER_MSG_BYTES = 1 << 20` constant; reject `_msg_size` outside `(0, MAX_TRACKER_MSG_BYTES]` and close the connection. Consume the 4-byte size header on read so the payload-complete branch operates on payload bytes only. PR follows.
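The bounded framing logic the proposed fix describes, as an added standalone example (not TVM's code and not the PR): a length-prefixed reader that rejects sizes outside `(0, max_bytes]`, closes the connection, and consumes the 4-byte header before buffering payload. The class and helper names and the little-endian int32 header are assumptions for the example.

```python
import struct

# Upper bound on one frame; mirrors the constant proposed in the issue
MAX_TRACKER_MSG_BYTES = 1 << 20


def pack_size(n: int) -> bytes:
    """Encode a 4-byte little-endian signed size header (assumed wire format)."""
    return struct.pack("<i", n)


class BoundedFrameReader:
    """Hypothetical reader for `int32 size || payload` frames with a size bound."""

    def __init__(self, max_bytes: int = MAX_TRACKER_MSG_BYTES):
        self._max_bytes = max_bytes
        self._data = bytearray()  # holds only payload bytes once a header is consumed
        self._msg_size = None     # None while waiting for a header
        self.closed = False       # set when the peer sent an out-of-range size
        self.messages = []        # completed payloads, in arrival order

    def on_bytes(self, chunk: bytes) -> None:
        """Feed one socket read; may complete zero or more frames."""
        if self.closed:
            return
        self._data += chunk
        while True:
            if self._msg_size is None:
                if len(self._data) < 4:
                    return                      # header not yet complete
                size = struct.unpack("<i", self._data[:4])[0]
                if size <= 0 or size > self._max_bytes:
                    # Negative, zero or oversized: drop buffer and close instead of growing
                    self._data.clear()
                    self.closed = True
                    return
                del self._data[:4]              # consume the header now, not later
                self._msg_size = size
            if len(self._data) < self._msg_size:
                return                          # wait for the rest of the payload
            self.messages.append(bytes(self._data[:self._msg_size]))
            del self._data[:self._msg_size]
            self._msg_size = None               # ready for the next header

    def buffered(self) -> int:
        """Bytes currently held; never exceeds max_bytes plus one chunk."""
        return len(self._data)
```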
