Integer overflow in PlatformMemoryAllocator::allocate()

[lucylq]

Add overflow checking before computing the total allocation size (sizeof(AllocationNode) + size + alignment) in PlatformMemoryAllocator::allocate().

Previously, when this sum exceeded SIZE_MAX, it would wrap around to a small value, causing pal_allocate to allocate an undersized buffer. This could lead to subsequent out-of-bounds writes. The fix validates each addition step against SIZE_MAX and returns nullptr on overflow.

This PR was authored with the assistance of Claude.

Test plan

cmake -B build -DEXECUTORCH_BUILD_TESTS=ON
cmake --build build --target memory_allocator_test
ctest --test-dir build -R memory_allocator_test --output-on-failure

[pytorch-bot]

🔗 Helpful Links

🧪 See artifacts and rendered test results at hud.pytorch.org/pr/pytorch/executorch/18680

• 📄 Preview Python docs built from this PR

Note: Links to docs will display an error until the docs builds have been completed.

❌ 1 New Failure, 3 Unrelated Failures

As of commit 0f1f47a with merge base ee92757 ():

NEW FAILURE - The following job has failed:

• pull / android / run-emulator (gh)
  The process '/usr/bin/sh' failed with exit code 1

FLAKY - The following job failed but was likely due to flakiness present on trunk:

• pull / test-arm-cortex-m-size-test (bare_metal) / linux-job (gh) (detected as infra flaky with no log or failing log classifier)

BROKEN TRUNK - The following jobs failed but was present on the merge base:

👉 Rebase onto the `viable/strict` branch to avoid these failures

• pull / unittest / windows / windows-job (gh) (trunk failure)
  ##[error]The operation was canceled.
• pull / unittest-editable / windows / windows-job (gh) (trunk failure)
  ##[error]The operation was canceled.

This comment was automatically generated by Dr. CI and updates every 15 minutes.

[github-actions]

This PR needs a release notes: label

If your change should be included in the release notes (i.e. would users of this library care about this change?), please use a label starting with release notes:. This helps us keep track and include your important work in the next release notes.

To add a label, you can comment to pytorchbot, for example
@pytorchbot label "release notes: none"

For more information, see
https://github.com/pytorch/pytorch/wiki/PyTorch-AutoLabel-Bot#why-categorize-for-release-notes-and-how-does-it-work.

[Copilot]

Pull request overview

This PR fixes a potential integer overflow in PlatformMemoryAllocator::allocate() by validating size additions before calculating the total allocation size, preventing undersized allocations that could lead to out-of-bounds writes.

Changes:

• Add overflow-checked computation for alloc_size using c10::add_overflows.
• Log and return nullptr when an overflow is detected during allocation size calculation.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

<c10/util/safe_numerics.h> is already included by executorch/runtime/core/memory_allocator.h, so this direct include is redundant here. Consider removing it to keep header dependencies minimal and reduce rebuild churn.

Suggested change

#include <c10/util/safe_numerics.h>

[Copilot]

The allocation “alignment bump” only needs to reserve up to alignment - 1 bytes. Using + alignment slightly over-allocates and can also make the overflow check reject an allocation that would otherwise fit by 1 byte. Consider adding alignment - 1 (after validating alignment > 0, which isPowerOf2 already implies) instead of alignment.

Suggested change

	// Then allocate enough memory for node, data and the alignment bump.
	size_t alloc_size = 0;
	if (c10::add_overflows(sizeof(AllocationNode), size, &alloc_size) ||
	c10::add_overflows(alloc_size, alignment, &alloc_size)) {
	// Then allocate enough memory for node, data and the maximum alignment
	// bump, which is at most alignment - 1 bytes.
	size_t alloc_size = 0;
	if (c10::add_overflows(sizeof(AllocationNode), size, &alloc_size) ||
	c10::add_overflows(alloc_size, alignment - 1, &alloc_size)) {