onnxruntime

f6e8b0b8 - add more ORT_ENFORCE when building the tree structure of TreeEnsemble operators (#27677)

add more ORT_ENFORCE when building the tree structure of TreeEnsemble operators (#27677) ### Description Hardens `TreeEnsemble` initialization against malformed/unvalidated ONNX models by adding missing bounds checks and fixing existing ones. **Validation additions (`tree_ensemble_attribute.h`)** - Validate `base_values` / `base_values_as_tensor` size against `n_targets_or_classes`: must be 0 or N (or ≤ 2 for binary classifiers) **Validation additions/fixes (`tree_ensemble_common.h`)** - Pre-loop: add `target_class_treeids.size() == limit` check alongside existing `target_class_ids`, `target_class_nodeids`, and weights size checks - `nodes_featureids[i]`: validate original `int64_t` value is in `[0, INT_MAX]` **before** narrowing cast to `int` — prevents large values wrapping to positive ints and bypassing the old post-cast `>= 0` check; original attribute value included in error message - Per-row `ProcessTreeNodeLeave` calls (sections C/D/E, C2/D2/E2): pass `x_data + (i+1)*stride` (per-row end) instead of `x_data + N*C` (global tensor end); removes `x_data_end` from per-row lambda captures - Error message for `target_class_ids` range check uses `target_class_ids` (not the old hard-coded `target_ids`) **Tests** - Negative tests for out-of-range `target_ids`, negative `nodes_featureids`, wrong-sized `base_values` (regressor and classifier, binary/multi-class) ### Motivation and Context Tree-building code assumed ONNX models had been pre-validated. These changes prevent out-of-bounds memory access and wrap-around bugs when loading unvalidated or adversarially crafted models. --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: xadupre <22452781+xadupre@users.noreply.github.com>