security fix for transpose optimizer (#27555)
A denial-of-service (DoS) vulnerability exists in ONNX Runtime's
TransposeOptimizer component. The issue arises when a maliciously
crafted ONNX model with specific tensor ranks, such as rank-0 (scalar),
triggers a division-by-zero error during the graph optimization phase.
This occurs due to the improper handling of tensor ranks and
permutations in the optimizer utility Permute1DConstant, particularly
when processing Pad nodes. The vulnerability can lead to an immediate
process crash, such as SIGFPE or SIGSEGV.
---------
Co-authored-by: Prathik Rao <prathikrao@microsoft.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
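The failure mode the commit message describes, as an added illustration that is not code from the ONNX Runtime project or from this PR: a hypothetical, simplified stand-in for a "permute a 1-D constant" helper (the names PermuteBlocksUnchecked, PermuteBlocksChecked and PermutePadsChecked are assumptions, not ORT's Permute1DConstant, and the code does not reproduce the exact lines #27555 changed). It assumes the ONNX Pad layout of `pads` as [x1_begin, ..., xn_begin, x1_end, ..., xn_end] and the Transpose axis mapping out[j] = in[perm[j]]. The unchecked form divides by `perm.size()` before checking it, which is exactly where an empty perm from a rank-0 input turns into SIGFPE; the checked form validates rank, block count and the permutation itself before any division or indexing and hands back std::nullopt so the optimizer can leave the graph alone instead of crashing.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <optional>
#include <vector>

// Illustration only: a hypothetical, simplified stand-in for a "permute a 1-D
// constant" helper. It is NOT ONNX Runtime's Permute1DConstant and does not
// reproduce the exact code that PR #27555 changed.
//
// The constant is viewed as contiguous blocks of perm.size() values and each
// block is reordered so that out[j] = in[perm[j]] (assumed Transpose axis
// mapping). Pad's `pads` input is two such blocks (ONNX layout):
// [x1_begin, ..., xn_begin, x1_end, ..., xn_end].

// Unchecked form: `values.size() / rank` is evaluated before anything verifies
// that rank != 0. A rank-0 (scalar) input gives an empty perm, so this divides
// by zero (SIGFPE on x86). Shown only to contrast with the checked form below;
// never call it with an empty perm.
static std::vector<int64_t> PermuteBlocksUnchecked(const std::vector<int64_t>& values,
                                                   const std::vector<int64_t>& perm) {
  const size_t rank = perm.size();
  const size_t blocks = values.size() / rank;  // undefined behaviour when rank == 0
  std::vector<int64_t> out(values.size());
  for (size_t b = 0; b < blocks; ++b) {
    for (size_t j = 0; j < rank; ++j) {
      out[b * rank + j] = values[b * rank + static_cast<size_t>(perm[j])];
    }
  }
  return out;
}

// Checked form: every quantity derived from model-controlled data is validated
// before it is used as a divisor or an index. A malformed model yields
// std::nullopt so the caller can skip the rewrite and leave the graph as it is,
// rather than crash the process.
static std::optional<std::vector<int64_t>> PermuteBlocksChecked(
    const std::vector<int64_t>& values, const std::vector<int64_t>& perm) {
  const size_t rank = perm.size();
  if (rank == 0) return std::nullopt;                  // rank-0 / scalar: nothing to permute
  if (values.size() % rank != 0) return std::nullopt;  // must split into whole blocks

  // perm must be a true permutation of [0, rank): in range and without repeats.
  std::vector<bool> seen(rank, false);
  for (int64_t p : perm) {
    if (p < 0 || static_cast<size_t>(p) >= rank) return std::nullopt;
    if (seen[static_cast<size_t>(p)]) return std::nullopt;
    seen[static_cast<size_t>(p)] = true;
  }

  const size_t blocks = values.size() / rank;  // safe: rank > 0
  std::vector<int64_t> out(values.size());
  for (size_t b = 0; b < blocks; ++b) {
    for (size_t j = 0; j < rank; ++j) {
      out[b * rank + j] = values[b * rank + static_cast<size_t>(perm[j])];
    }
  }
  return out;
}

// Pad-specific wrapper: pads must hold exactly 2 * rank entries (begin and end
// pad for each axis). Anything else means the model is inconsistent.
static std::optional<std::vector<int64_t>> PermutePadsChecked(
    const std::vector<int64_t>& pads, const std::vector<int64_t>& perm) {
  if (perm.empty() || pads.size() != 2 * perm.size()) return std::nullopt;
  return PermuteBlocksChecked(pads, perm);
}

int main() {
  // Constructed inputs: a rank-3 Pad with pads [1,2,3 | 4,5,6] and perm [2,0,1].
  const std::vector<int64_t> pads{1, 2, 3, 4, 5, 6};
  const std::vector<int64_t> perm{2, 0, 1};
  if (auto r = PermutePadsChecked(pads, perm)) {
    for (int64_t v : *r) std::printf("%lld ", static_cast<long long>(v));
    std::printf("\n");  // 3 1 2 6 4 5
  }
  // Constructed rank-0 case: the empty perm is rejected instead of dividing by zero.
  std::printf("rank-0 rejected: %s\n",
              PermutePadsChecked({}, {}).has_value() ? "no" : "yes");
  return 0;
}
```

The practical point is the ordering of operations: the divisor and every index come from the model file, so they must be validated before the division and the loop, and the rejection path has to be a clean "do not optimize this node" rather than an abort, since a crashing optimizer is the DoS.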