
PoC: BINUNICODE8 Signed/Unsigned Length Confusion in JIT Unpickler

Vulnerability: unpickler.cpp:344 reads the BINUNICODE8 length as int64_t (signed) instead of uint64_t. The value is then implicitly converted to size_t in readBytes(). On 32-bit ARM mobile builds this truncates the length to 32 bits (pickle stream desync → corruption); on 64-bit builds it causes DoS through excessive allocation.
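
The length handling described above, contrasted with a checked conversion, as an added example that is not code from PyTorch or from the PoC files. The names `size32_t`, `read_le64`, `unchecked_len32`, `checked_len` and the byte arrays are hypothetical and constructed for illustration; `uint32_t` stands in for `size_t` on a 32-bit build.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// Assumption: uint32_t stands in for size_t on a 32-bit ARM build.
using size32_t = uint32_t;

// BINUNICODE8 carries an 8-byte little-endian unsigned length.
uint64_t read_le64(const unsigned char* p) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; --i) v = (v << 8) | p[i];
    return v;
}

// Flawed pattern: signed read, then implicit narrowing to size_t.
size32_t unchecked_len32(const unsigned char* field) {
    int64_t len = static_cast<int64_t>(read_le64(field));
    return static_cast<size32_t>(len);  // keeps only the low 32 bits
}

// Hardened pattern: unsigned read, bounded by the bytes actually left in
// the stream and by the target size type before any narrowing happens.
template <typename SizeT>
bool checked_len(const unsigned char* field, uint64_t remaining, SizeT* out) {
    const uint64_t len = read_le64(field);
    if (len > remaining) return false;                          // more than the input holds
    if (len > std::numeric_limits<SizeT>::max()) return false;  // would not fit in SizeT
    *out = static_cast<SizeT>(len);
    return true;
}

// Constructed length fields (not taken from the PoC files).
const unsigned char kWrap[8] = {0x05, 0, 0, 0, 0x01, 0, 0, 0};  // 2^32 + 5
const unsigned char kNeg[8]  = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
const unsigned char kOk[8]   = {0x05, 0, 0, 0, 0, 0, 0, 0};     // 5

int main() {
    size32_t n = 0;
    std::printf("unchecked 2^32+5 -> %u\n", (unsigned)unchecked_len32(kWrap));
    std::printf("unchecked all-ff -> %u\n", (unsigned)unchecked_len32(kNeg));
    std::printf("checked 2^32+5 accepted: %d\n",
                (int)checked_len<size32_t>(kWrap, UINT64_MAX, &n));
    std::printf("checked 5 accepted: %d\n", (int)checked_len<size32_t>(kOk, 16, &n));
    return 0;
}
```

With the unchecked path, a declared length of 2^32 + 5 becomes 5 on the simulated 32-bit target, so a reader would consume 5 bytes and interpret the rest of the declared string as opcodes; the checked path refuses the field before any read or allocation.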

Files

  • poc_binunicode8_overflow.py — Full PoC with code analysis, 64-bit DoS demo, 32-bit truncation test
  • test_truncation.cpp — Standalone C++ 32-bit truncation demonstration

Quick Start

pip install torch
python poc_binunicode8_overflow.py

Expected Output

  • Part 1: Code analysis showing int64_t vs uint64_t mismatch
  • Part 2: 64-bit DoS (MemoryError, end of archive, max_size rejection)
  • Part 3: 32-bit truncation table (C++ test)
  • Part 4: Pickle stream desync analysis on 32-bit ARM