[llm_patch] Fix out-of-bounds access in pad2d function

[lucylq]

Stack from ghstack (oldest at bottom):

• -> [llm_patch] Fix out-of-bounds access in pad2d function #15623

Add checks for pad1d and pad3d, as well as pad2d.

I think what happens is, we 'broadcast' the input tensor into the padded regions, depending on the pad algorithm (replication, reflection).
The pad algorithm takes an output tensor index, and returns an input tensor index. We need to check that this index is valid/within bounds of the input tensor.

---

The crash is a "wild-addr-read" that occurs in the pad2d function, which is part of the Executorch library. This type of crash typically indicates that the program is attempting to read from an invalid or uninitialized memory address.

The root cause of the crash is an out-of-bounds access in the pad2d function. The function uses a padding_ix function to calculate indices for the input tensor in, but it does not perform sufficient bounds checking to ensure that these indices are valid. As a result, the program may attempt to read from memory outside the bounds of the in tensor, leading to the crash.

The patch fixes the crash by adding bounds checking to the pad2d function. Specifically, it adds two ET_CHECK statements to verify that the indices calculated by padding_ix are within the valid range of the in tensor. The checks are performed using the following code: ET_CHECK(in_h_idx < in_height) and ET_CHECK(in_w_idx < in_width). By adding these checks, the patch ensures that the program will not attempt to read from invalid memory addresses, preventing the "wild-addr-read" crash.

Other considerations that reviewers should take into account when validating the patch include the potential impact on performance. The added ET_CHECK statements may introduce a small performance overhead, particularly if the pad2d function is called frequently. Reviewers should verify that the performance impact is acceptable and that the patch does not introduce any other unintended consequences. Additionally, reviewers should test the patch with a variety of input tensors and padding configurations to ensure that it correctly handles different edge cases. They should also verify that the ET_CHECK statements are triggered correctly when invalid indices are encountered, and that the program behaves as expected in these cases.

NOTE: This diff is entirely auto-generated by LLM-based patch generator.
Reviewer should carefully examine this diff as Lionhead does not guarrantee the
correctnesss of the patch beyond fixing the crash and passing existing tests.
Please commandeer this diff and revise as needed. Our bot does not respond to
comments or revision requests (yet).

Differential Revision: D80831697

[pytorch-bot]

🔗 Helpful Links

🧪 See artifacts and rendered test results at hud.pytorch.org/pr/pytorch/executorch/15623

• 📄 Preview Python docs built from this PR

Note: Links to docs will display an error until the docs builds have been completed.

❌ 1 New Failure, 6 Unrelated Failures

As of commit 5cab9ec with merge base 993254c ():

NEW FAILURE - The following job has failed:

• pull / test-static-llama-qnn-linux (stories_110m) / linux-job (gh)
  RuntimeError: Command docker exec -t 71dc127433c1e5fd0bd7a798632cbdccc11d997be57ce235cea542d7cce946f3 /exec failed with exit code 1

FLAKY - The following job failed but was likely due to flakiness present on trunk:

• pull / test-openvino-linux / linux-job (gh) (similar failure)
  ##[error]The operation was canceled.

BROKEN TRUNK - The following jobs failed but was present on the merge base:

👉 Rebase onto the `viable/strict` branch to avoid these failures

• pull / test-binary-size-linux-gcc / linux-job (gh) (trunk failure)
  ##[error]The operation was canceled.
• pull / test-setup-linux-gcc / linux-job (gh) (trunk failure)
  ##[error]The operation was canceled.
• pull / unittest / windows / windows-job (gh) (trunk failure)
  backends/xnnpack/test/ops/test_conv1d.py::TestConv1d::test_qs8_conv1d_batchnorm_seq
• pull / unittest-editable / windows / windows-job (gh) (trunk failure)
  backends/xnnpack/test/ops/test_conv1d.py::TestConv1d::test_qs8_conv1d_batchnorm_seq
• Test Metal Backend / export-voxtral-metal-artifact / macos-job (gh) (trunk failure)
  /Users/ec2-user/runner/_work/executorch/executorch/pytorch/executorch/pip-out/temp.macosx-11.0-arm64-cpython-311/cmake-out/configurations/optimized_native_cpu_ops_lib/NativeFunctions.h:72:228: error: no template named 'optional' in namespace 'torch::executor'; did you mean 'executorch::aten::optional'?

This comment was automatically generated by Dr. CI and updates every 15 minutes.

[github-actions]

This PR needs a release notes: label

If your change should be included in the release notes (i.e. would users of this library care about this change?), please use a label starting with release notes:. This helps us keep track and include your important work in the next release notes.

To add a label, you can comment to pytorchbot, for example
@pytorchbot label "release notes: none"

For more information, see
https://github.com/pytorch/pytorch/wiki/PyTorch-AutoLabel-Bot#why-categorize-for-release-notes-and-how-does-it-work.