onnxruntime
0e735353 - Fix heap OOB write in MaxPoolGrad via indices bounds validation (#27903)

Commit
28 days ago
Fix heap OOB write in MaxPoolGrad via indices bounds validation (#27903)

### Description

`MaxPoolGrad` uses `Indices` tensor values as raw pointer offsets into the output buffer without bounds checking. A malicious model can supply arbitrary index values to write to arbitrary heap locations.

**Fix:** Validate each index is in `[0, dX_size)` before use via `ORT_RETURN_IF`, returning an error for out-of-range values.

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
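The bounds check the commit message describes, sketched as an added example; this is not onnxruntime's code or the diff from this commit. The `ScatterStatus` type, the function name, the `std::vector` interface and the `+=` accumulation are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Simplified stand-in for a status type (assumption; not onnxruntime's Status).
struct ScatterStatus {
  bool ok;
  std::string message;
};

// Hypothetical helper: scatter-add each upstream gradient dY[i] into dX at
// the position recorded in indices[i], rejecting any index outside
// [0, dX_size) before it is used as an offset.
ScatterStatus MaxPoolGradScatterChecked(const std::vector<float>& dY,
                                        const std::vector<int64_t>& indices,
                                        std::vector<float>& dX) {
  if (dY.size() != indices.size()) {
    return {false, "dY and Indices must have the same number of elements"};
  }
  const int64_t dX_size = static_cast<int64_t>(dX.size());
  for (size_t i = 0; i < indices.size(); ++i) {
    const int64_t idx = indices[i];
    // Signed compare catches negative values as well as values >= dX_size.
    if (idx < 0 || idx >= dX_size) {
      return {false, "Indices[" + std::to_string(i) + "] = " +
                         std::to_string(idx) + " is out of range [0, " +
                         std::to_string(dX_size) + ")"};
    }
    dX[static_cast<size_t>(idx)] += dY[i];
  }
  return {true, ""};
}

int main() {
  // Constructed sample data: 4 gradients scattered into a 9-element dX.
  std::vector<float> dY = {1.0f, 2.0f, 3.0f, 4.0f};
  std::vector<float> dX(9, 0.0f);
  ScatterStatus good = MaxPoolGradScatterChecked(dY, {0, 2, 6, 8}, dX);
  std::printf("valid indices: ok=%d\n", good.ok);
  // Constructed malformed input: one index past the end, as an untrusted
  // model file could supply.
  ScatterStatus bad = MaxPoolGradScatterChecked(dY, {0, 2, 9, 8}, dX);
  std::printf("bad index: ok=%d (%s)\n", bad.ok, bad.message.c_str());
  return 0;
}
```

The check runs per element immediately before the write, so on failure `dX` may already hold contributions from earlier valid indices; callers should treat the output as invalid whenever an error is returned.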