Fix integer overflow in Vulkan multiply_integers

[lucylq]

Replace std::accumulate with c10::mul_overflows to check for overflow at each multiplication.

Prevents undersized GPU buffer allocations from attacker-controlled tensor dimensions in PTE files.

This PR was authored with the assistance of Claude.

Test plan

CI

cc @SS-JIA @manuelcandales @digantdesai @cbilgin

[pytorch-bot]

🔗 Helpful Links

🧪 See artifacts and rendered test results at hud.pytorch.org/pr/pytorch/executorch/18681

• 📄 Preview Python docs built from this PR

Note: Links to docs will display an error until the docs builds have been completed.

❌ 8 New Failures, 1 Cancelled Job, 2 Unrelated Failures

As of commit 99b01c4 with merge base ee92757 ():

NEW FAILURES - The following jobs have failed:

• pull / test-vulkan-models-linux / linux-job (gh)
  /pytorch/executorch/../executorch/backends/vulkan/runtime/utils/VecUtils.h:477:10: error: call to function 'multiply_integers' that is neither visible in the template definition nor found by argument-dependent lookup
• pull / test-vulkan-operators-linux / linux-job (gh)
  /pytorch/executorch/../executorch/backends/vulkan/runtime/utils/VecUtils.h:477:10: error: call to function 'multiply_integers' that is neither visible in the template definition nor found by argument-dependent lookup
• pull / unittest / linux / linux-job (gh)
  /pytorch/executorch/../executorch/backends/vulkan/runtime/utils/VecUtils.h:477:10: error: call to function 'multiply_integers' that is neither visible in the template definition nor found by argument-dependent lookup
• pull / unittest-editable / linux / linux-job (gh)
  /pytorch/executorch/../executorch/backends/vulkan/runtime/utils/VecUtils.h:477:10: error: call to function 'multiply_integers' that is neither visible in the template definition nor found by argument-dependent lookup
• Test ARM Backend / test-arm / test-backend-linux (arm_vgf_fp, models) / linux-job (gh)
  /pytorch/executorch/../executorch/backends/vulkan/runtime/utils/VecUtils.h:477:10: error: call to function 'multiply_integers' that is neither visible in the template definition nor found by argument-dependent lookup
• Test ARM Backend / test-arm / test-backend-linux (arm_vgf_fp, operators) / linux-job (gh)
  /pytorch/executorch/../executorch/backends/vulkan/runtime/utils/VecUtils.h:477:10: error: call to function 'multiply_integers' that is neither visible in the template definition nor found by argument-dependent lookup
• Test Vulkan Backend / test-vulkan / test-backend-linux (vulkan, models) / linux-job (gh)
  /pytorch/executorch/../executorch/backends/vulkan/runtime/utils/VecUtils.h:477:10: error: call to function 'multiply_integers' that is neither visible in the template definition nor found by argument-dependent lookup
• Test Vulkan Backend / test-vulkan / test-backend-linux (vulkan, operators) / linux-job (gh)
  /pytorch/executorch/../executorch/backends/vulkan/runtime/utils/VecUtils.h:477:10: error: call to function 'multiply_integers' that is neither visible in the template definition nor found by argument-dependent lookup

CANCELLED JOB - The following job was cancelled. Please retry:

• pull / unittest / macos / macos-job (gh)
  ##[error]The operation was canceled.

BROKEN TRUNK - The following jobs failed but were present on the merge base:

👉 Rebase onto the `viable/strict` branch to avoid these failures

• pull / unittest / windows / windows-job (gh) (trunk failure)
  ##[error]The operation was canceled.
• pull / unittest-editable / windows / windows-job (gh) (trunk failure)
  ##[error]The operation was canceled.

This comment was automatically generated by Dr. CI and updates every 15 minutes.

[github-actions]

This PR needs a release notes: label

If your change should be included in the release notes (i.e. would users of this library care about this change?), please use a label starting with release notes:. This helps us keep track and include your important work in the next release notes.

To add a label, you can comment to pytorchbot, for example
@pytorchbot label "release notes: none"

For more information, see
https://github.com/pytorch/pytorch/wiki/PyTorch-AutoLabel-Bot#why-categorize-for-release-notes-and-how-does-it-work.

[Copilot]

Pull request overview

This PR hardens the Vulkan backend’s integer multiplication utility used for tensor size/numel calculations by adding per-step overflow detection, preventing undersized GPU buffer allocations when tensor dimensions are attacker-controlled (e.g., from PTE files).

Changes:

• Add c10::mul_overflows-based overflow checking to multiply_integers (iterator overload).
• Update the container overload to delegate to the iterator overload.
• Add the necessary c10/util/safe_numerics.h include.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

<numeric> appears to be unused in this header after replacing std::accumulate with c10::mul_overflows. Consider removing the <numeric> include to avoid unnecessary dependencies/compile overhead.

Suggested change

#include <numeric>