onnx 1.16.0__cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl → 1.16.2__cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl

onnx/backend/test/case/node/dequantizelinear.py

@@ -202,7 +202,7 @@ class DequantizeLinear(Base):
         # scalar zero point and scale
         x = make_tensor("x", TensorProto.UINT4, [5], [0, 1, 7, 10, 15])
         x_scale = np.float32(2)
-        x_zero_point = make_tensor("zero_point", TensorProto.UINT4, (1,), [1])
+        x_zero_point = make_tensor("x_zero_point", TensorProto.UINT4, (1,), [1])
         y = np.array([-2, 0, 12, 18, 28], dtype=np.float32)
 
         expect(
@@ -224,7 +224,7 @@ class DequantizeLinear(Base):
         # scalar zero point and scale
         x = make_tensor("x", TensorProto.INT4, [5], [0, 1, 7, -4, -8])
         x_scale = np.float32(2)
-        x_zero_point = make_tensor("zero_point", TensorProto.INT4, (1,), [1])
+        x_zero_point = make_tensor("x_zero_point", TensorProto.INT4, (1,), [1])
         y = np.array([-2, 0, 12, -10, -18], dtype=np.float32)
 
         expect(

onnx/backend/test/case/node/quantizelinear.py

@@ -73,7 +73,7 @@ class QuantizeLinear(Base):
 
         x = np.array([0.0, 1.0, 2.0, 100000.0, 200.0]).astype(np.float32)
         y_scale = np.float32(2)
-        y_zero_point = make_tensor("zero_point", TensorProto.FLOAT8E4M3FN, [1], [0])
+        y_zero_point = make_tensor("y_zero_point", TensorProto.FLOAT8E4M3FN, [1], [0])
         y = make_tensor("y", TensorProto.FLOAT8E4M3FN, [5], [0, 0.5, 1, 448, 96])
 
         expect(
@@ -93,7 +93,7 @@ class QuantizeLinear(Base):
 
         x = np.array([0.0, 1.0, 2.0, 100000.0, 200.0]).astype(np.float32)
         y_scale = np.float32(2)
-        y_zero_point = make_tensor("zero_point", TensorProto.FLOAT8E5M2, [1], [0.0])
+        y_zero_point = make_tensor("y_zero_point", TensorProto.FLOAT8E5M2, [1], [0.0])
         y = make_tensor("y", TensorProto.FLOAT8E5M2, [5], [0, 0.5, 1, 49152, 96])
 
         expect(
@@ -230,7 +230,7 @@ class QuantizeLinear(Base):
 
         y_scale = np.asarray([2.0, 3.0, 4.0], dtype=np.float32)
         y_zero_point = make_tensor(
-            "zero_point", TensorProto.UINT4, y_scale.shape, np.ones_like(y_scale)
+            "y_zero_point", TensorProto.UINT4, y_scale.shape, np.ones_like(y_scale)
         )
         y = make_tensor(
             "y", TensorProto.UINT4, x.shape, [1, 2, 3, 5, -1, -1, 3, 4, 4, 5, 5, 11]
@@ -262,7 +262,7 @@ class QuantizeLinear(Base):
 
         y_scale = np.asarray([2.0, 3.0, 4.0], dtype=np.float32)
         y_zero_point = make_tensor(
-            "zero_point", TensorProto.INT4, y_scale.shape, np.ones_like(y_scale)
+            "y_zero_point", TensorProto.INT4, y_scale.shape, np.ones_like(y_scale)
         )
         y = make_tensor(
             "y", TensorProto.INT4, x.shape, [1, 2, 3, 5, -8, -6, 3, 4, 4, 5, 5, 7]

onnx/backend/test/data/node/test_dequantizelinear_int4/test_data_set_0/input_2.pb

@@ -1,2 +1 @@
-
*

B
-zero_point
+
*

Bx_zero_point

onnx/backend/test/data/node/test_dequantizelinear_uint4/test_data_set_0/input_2.pb

@@ -1,2 +1 @@
-
*

B
-zero_point
+
*

Bx_zero_point

onnx/backend/test/data/node/test_quantizelinear_int4/test_data_set_0/input_2.pb

@@ -1,2 +1 @@
-*
B
-zero_point
+*
By_zero_point

onnx/backend/test/data/node/test_quantizelinear_uint4/test_data_set_0/input_2.pb

@@ -1,2 +1 @@
-*
B
-zero_point
+*
By_zero_point

onnx/backend/test/runner/__init__.py

@@ -10,7 +10,6 @@ import os
 import re
 import shutil
 import sys
-import tarfile
 import tempfile
 import time
 import unittest
@@ -238,8 +237,7 @@ class Runner:
             )
             urlretrieve(model_test.url, download_file.name)
             print("Done")
-            with tarfile.open(download_file.name) as t:
-                t.extractall(models_dir)
+            onnx.utils._extract_model_safe(download_file.name, models_dir)
         except Exception as e:
             print(f"Failed to prepare data for model {model_test.model_name}: {e}")
             raise

onnx/common/version.h

@@ -9,6 +9,6 @@
 namespace ONNX_NAMESPACE {
 
 // Represents the most recent release version. Updated with every release.
-constexpr const char* LAST_RELEASE_VERSION = "1.16.0";
+constexpr const char* LAST_RELEASE_VERSION = "1.16.2";
 
 } // namespace ONNX_NAMESPACE

onnx/defs/math/old.cc

@@ -2322,10 +2322,15 @@ ONNX_OPERATOR_SET_SCHEMA(
             auto transBAttr = ctx.getAttribute("transB");
             bool transB = transBAttr ? static_cast<int>(transBAttr->i()) != 0 : false;
 
+            checkInputRank(ctx, 0, 2);
+            checkInputRank(ctx, 1, 2);
+
+            auto& first_input_shape = getInputShape(ctx, 0);
+            auto& second_input_shape = getInputShape(ctx, 1);
             *ctx.getOutputType(0)->mutable_tensor_type()->mutable_shape()->add_dim() =
-                ctx.getInputType(0)->tensor_type().shape().dim(transA ? 1 : 0);
+                first_input_shape.dim(transA ? 1 : 0);
             *ctx.getOutputType(0)->mutable_tensor_type()->mutable_shape()->add_dim() =
-                ctx.getInputType(1)->tensor_type().shape().dim(transB ? 0 : 1);
+                second_input_shape.dim(transB ? 0 : 1);
           } else if (
               hasInputShape(ctx, 2) &&
               (!ctx.getAttribute("broadcast") || static_cast<int>(ctx.getAttribute("broadcast")->i()) == 0)) {

onnx/defs/quantization/defs.cc

@@ -200,6 +200,9 @@ ONNX_OPERATOR_SET_SCHEMA(
         .SetDoc(DequantizeLinear_ver21_doc)
         .TypeAndShapeInferenceFunction([](ONNX_NAMESPACE::InferenceContext& ctx) {
           propagateElemTypeFromInputToOutput(ctx, 1, 0);
+          if (!hasInputShape(ctx, 0)) {
+            return;
+          }
           auto& input_shape = getInputShape(ctx, 0);
           updateOutputShape(ctx, 0, input_shape);
         }));

onnx/defs/quantization/old.cc

@@ -130,6 +130,9 @@ ONNX_OPERATOR_SET_SCHEMA(
         .SetDoc(DequantizeLinear_ver19_doc)
         .TypeAndShapeInferenceFunction([](ONNX_NAMESPACE::InferenceContext& ctx) {
           propagateElemTypeFromInputToOutput(ctx, 1, 0);
+          if (!hasInputShape(ctx, 0)) {
+            return;
+          }
           auto& input_shape = getInputShape(ctx, 0);
           updateOutputShape(ctx, 0, input_shape);
         }));
@@ -181,7 +184,6 @@ ONNX_OPERATOR_SET_SCHEMA(
           if (!hasInputShape(ctx, 0)) {
             return;
           }
-
           auto& input_shape = getInputShape(ctx, 0);
           updateOutputShape(ctx, 0, input_shape);
         }));

onnx/defs/tensor/old.cc

@@ -1380,7 +1380,7 @@ ONNX_OPERATOR_SET_SCHEMA(
 
 static const char* Slice_ver11_doc = R"DOC(
 Produces a slice of the input tensor along multiple axes. Similar to numpy:
-https://docs.scipy.org/doc/numpy/reference/arrays.indexing.html
+https://numpy.org/doc/stable/reference/routines.indexing.html
 Slices uses `starts`, `ends`, `axes` and `steps` inputs to specify the start and end
 dimension and step for each axis in the list of axes, it uses this information to
 slice the input `data` tensor. If a negative value is passed for any of the
@@ -4443,7 +4443,7 @@ ONNX_OPERATOR_SET_SCHEMA(
 
 static const char* Slice_ver1_doc = R"DOC(
 Produces a slice of the input tensor along multiple axes. Similar to numpy:
-https://docs.scipy.org/doc/numpy/reference/arrays.indexing.html
+https://numpy.org/doc/stable/reference/routines.indexing.html
 Slices uses `axes`, `starts` and `ends` attributes to specify the start and end
 dimension for each axis in the list of axes, it uses this information to
 slice the input `data` tensor. If a negative value is passed for any of the
@@ -4559,7 +4559,7 @@ ONNX_OPERATOR_SET_SCHEMA(
 
 static const char* Slice_ver10_doc = R"DOC(
 Produces a slice of the input tensor along multiple axes. Similar to numpy:
-https://docs.scipy.org/doc/numpy/reference/arrays.indexing.html
+https://numpy.org/doc/stable/reference/routines.indexing.html
 Slices uses `starts`, `ends`, `axes` and `steps` inputs to specify the start and end
 dimension and step for each axis in the list of axes, it uses this information to
 slice the input `data` tensor. If a negative value is passed for any of the

onnx/hub.py

@@ -9,7 +9,6 @@ import hashlib
 import json
 import os
 import sys
-import tarfile
 from io import BytesIO
 from os.path import join
 from typing import IO, Any, Dict, List, Optional, Set, Tuple, cast
@@ -296,6 +295,7 @@ def download_model_with_test_data(
     silent: bool = False,
 ) -> Optional[str]:
     """Downloads a model along with test data by name from the onnx model hub and returns the directory to which the files have been extracted.
+    Users are responsible for making sure the model comes from a trusted source, and the data is safe to be extracted.
 
     Args:
         model: The name of the onnx model in the manifest. This field is
@@ -361,12 +361,14 @@ def download_model_with_test_data(
                 "download the model from the model hub."
             )
 
-    with tarfile.open(local_model_with_data_path) as model_with_data_zipped:
-        # FIXME: Avoid index manipulation with magic numbers
-        local_model_with_data_dir_path = local_model_with_data_path[
-            0 : len(local_model_with_data_path) - 7
-        ]
-        model_with_data_zipped.extractall(local_model_with_data_dir_path)
+    # FIXME: Avoid index manipulation with magic numbers,
+    # remove ".tar.gz"
+    local_model_with_data_dir_path = local_model_with_data_path[
+        0 : len(local_model_with_data_path) - 7
+    ]
+    onnx.utils._extract_model_safe(
+        local_model_with_data_path, local_model_with_data_dir_path
+    )
     model_with_data_path = (
         local_model_with_data_dir_path
         + "/"

onnx/shape_inference/implementation.cc

@@ -488,29 +488,29 @@ class ShapeInferenceImplBase {
           ProcessCall(n, *(iter->second), ctx);
         } else {
           has_unsupported_op = true;
+          return;
         }
       } else {
         has_unsupported_op = true;
+        return;
       }
-      if (!has_unsupported_op) {
-        for (int i = 0; i < n.output_size(); ++i) {
-          // skip type and shape propagation for missing optional outputs.
-          if (!n.output(i).empty())
-            UpdateType(n.output(i), ctx.getOutputType(i));
-        }
-        // Constant values are tracked to improve inference/checking for subsequent nodes.
-        ProcessConstant(n);
-        // If data-propagation is enabled, partial-evaluation (aka data-propagation) is performed
-        // to improve inference/checking for subsequent nodes.
-        if (options.enable_data_propagation && schema && schema->has_data_propagation_function()) {
-          if (generated_shape_data_by_name == nullptr) {
-            fail_shape_inference(
-                "Container for generated shape data cannot be nullptr when enable_data_propagation option is set.");
-          }
-          DataPropagationContextImpl data_propagation_ctx(
-              n, value_types_by_name, input_data_by_name, *generated_shape_data_by_name);
-          schema->GetDataPropagationFunction()(data_propagation_ctx);
+      for (int i = 0; i < n.output_size(); ++i) {
+        // skip type and shape propagation for missing optional outputs.
+        if (!n.output(i).empty())
+          UpdateType(n.output(i), ctx.getOutputType(i));
+      }
+      // Constant values are tracked to improve inference/checking for subsequent nodes.
+      ProcessConstant(n);
+      // If data-propagation is enabled, partial-evaluation (aka data-propagation) is performed
+      // to improve inference/checking for subsequent nodes.
+      if (options.enable_data_propagation && schema && schema->has_data_propagation_function()) {
+        if (generated_shape_data_by_name == nullptr) {
+          fail_shape_inference(
+              "Container for generated shape data cannot be nullptr when enable_data_propagation option is set.");
         }
+        DataPropagationContextImpl data_propagation_ctx(
+            n, value_types_by_name, input_data_by_name, *generated_shape_data_by_name);
+        schema->GetDataPropagationFunction()(data_propagation_ctx);
       }
     }
     ONNX_CATCH(const ONNX_NAMESPACE::InferenceError& ex) {

onnx/tools/net_drawer.py

@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: Apache-2.0
 # A library and utility for drawing ONNX nets. Most of this implementation has
 # been borrowed from the caffe2 implementation
-# https://github.com/pytorch/pytorch/blob/master/caffe2/python/net_drawer.py
+# https://github.com/pytorch/pytorch/blob/v2.3.1/caffe2/python/net_drawer.py
 #
 # The script takes two required arguments:
 #   -input: a path to a serialized ModelProto .pb file.

onnx/utils.py

@@ -4,6 +4,7 @@
 from __future__ import annotations
 
 import os
+import tarfile
 
 import onnx.checker
 import onnx.helper
@@ -212,3 +213,65 @@ def extract_model(
     onnx.save(extracted, output_path)
     if check_model:
         onnx.checker.check_model(output_path)
+
+
+def _tar_members_filter(
+    tar: tarfile.TarFile, base: str | os.PathLike
+) -> list[tarfile.TarInfo]:
+    """Check that the content of ``tar`` will be extracted safely
+
+    Args:
+        tar: The tarball file
+        base: The directory where the tarball will be extracted
+
+    Returns:
+        list of tarball members
+    """
+    result = []
+    for member in tar:
+        member_path = os.path.join(base, member.name)
+        abs_base = os.path.abspath(base)
+        abs_member = os.path.abspath(member_path)
+        if not abs_member.startswith(abs_base):
+            raise RuntimeError(
+                f"The tarball member {member_path} in downloading model contains "
+                f"directory traversal sequence which may contain harmful payload."
+            )
+        elif member.issym() or member.islnk():
+            raise RuntimeError(
+                f"The tarball member {member_path} in downloading model contains "
+                f"symbolic links which may contain harmful payload."
+            )
+        result.append(member)
+    return result
+
+
+def _extract_model_safe(
+    model_tar_path: str | os.PathLike, local_model_with_data_dir_path: str | os.PathLike
+) -> None:
+    """Safely extracts a tar file to a specified directory.
+
+    This function ensures that the extraction process mitigates against
+    directory traversal vulnerabilities by validating or sanitizing paths
+    within the tar file. It also provides compatibility for different versions
+    of the tarfile module by checking for the availability of certain attributes
+    or methods before invoking them.
+
+    Args:
+        model_tar_path: The path to the tar file to be extracted.
+        local_model_with_data_dir_path: The directory path where the tar file
+      contents will be extracted to.
+    """
+    with tarfile.open(model_tar_path) as model_with_data_zipped:
+        # Mitigate tarball directory traversal risks
+        if hasattr(tarfile, "data_filter"):
+            model_with_data_zipped.extractall(
+                path=local_model_with_data_dir_path, filter="data"
+            )
+        else:
+            model_with_data_zipped.extractall(
+                path=local_model_with_data_dir_path,
+                members=_tar_members_filter(
+                    model_with_data_zipped, local_model_with_data_dir_path
+                ),
+            )

onnx/version.py

@@ -1,5 +1,5 @@
 # This file is generated by setup.py. DO NOT EDIT!
 
 
-version = "1.16.0"
+version = "1.16.2"
 git_version = ""

{onnx-1.16.0.dist-info → onnx-1.16.2.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: onnx
-Version: 1.16.0
+Version: 1.16.2
 Summary: Open Neural Network Exchange
 Author-email: ONNX Contributors <onnx-technical-discuss@lists.lfaidata.foundation>
 License: Apache License v2.0
@@ -14,7 +14,7 @@ Requires-Dist: numpy >=1.20
 Requires-Dist: protobuf >=3.20.2
 Provides-Extra: reference
 Requires-Dist: google-re2 ; extra == 'reference'
-Requires-Dist: Pillow ; extra == 'reference'
+Requires-Dist: pillow ; extra == 'reference'
 
 <!--
 Copyright (c) ONNX Project Contributors