In TensorFlow before version 2.6.1, while calculating the size of the output within the tf.range kernel, there is a conditional statement of type int64 = condition ? int64 : double. Due to C++ implicit conversion rules, both branches of the condition will be cast to double and the result would be truncated before the assignment. This result in overflows.
In TensorFlow before version 2.6.1, while calculating the size of the output within the tf.range kernel, there is a conditional statement of type int64 = condition ? int64 : double. Due to C++ implicit conversion rules, both branches of the condition will be cast to double and the result would be truncated before the assignment. This result in overflows.
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrqm-fpgr-6hhx https://github.com/tensorflow/tensorflow/issues/46912 https://github.com/tensorflow/tensorflow/issues/46889 https://github.com/tensorflow/tensorflow/commit/1b0e0ec27e7895b9985076eab32445026ae5ca94 https://github.com/tensorflow/tensorflow/commit/6d94002a09711d297dbba90390d5482b76113899