PoC: getRecordOffset() Integer Overflow via Local Header Manipulation
Vulnerability: inline_container.cc:634-637: getRecordOffset() reads filename_len and extra_len from the ZIP local file header without cross-validating them against the central directory. A crafted .pt file with modified local header fields makes the function return a wrong offset, leading to out-of-bounds access, silent data corruption, or DoS via torch.load(mmap=True). On 32-bit platforms, the mz_uint64 to size_t truncation silently wraps the offset.
Files
poc_record_offset_overflow.py: Full PoC (wrong offset demo, mmap impact, within-file corruption, overflow analysis)
Quick Start
pip install torch
python poc_record_offset_overflow.py
Expected Output
- Part 1: get_record_offset() returns 66175 for a 1563-byte file (past EOF by 64612 bytes)
- Part 2: torch.load(mmap=True) fails with RuntimeError (DoS)
- Part 3: Within-file offset reads the version record as tensor data, yielding garbage values
- Part 4: 32-bit truncation and 64-bit overflow analysis
- Part 5: Vulnerable code and suggested fix
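As an added defensive check (this is not part of the repo's PoC or of PyTorch), the following Python validator does the cross-validation that getRecordOffset() skips: it walks the ZIP central directory and, for each entry, compares the local header's filename_len, filename and extra_len against the central directory entry and bounds-checks the resulting data offset against the file before anything is mapped. The function names check_zip_headers, check_file and make_sample_zip are my own, and the sample archive is constructed inline with Python's zipfile module using torch-style entry names.

```python
import io
import struct
import zipfile

LOCAL_SIG = b"PK\x03\x04"
CENTRAL_SIG = b"PK\x01\x02"
EOCD_SIG = b"PK\x05\x06"

LOCAL_FMT = "<4s5H3L2H"      # local file header, 30 bytes
CENTRAL_FMT = "<4s6H3L5H2L"  # central directory header, 46 bytes
EOCD_FMT = "<4s4H2LH"        # end of central directory, 22 bytes


def _find_eocd(data: bytes) -> int:
    # The EOCD sits within the last 22 + 65535 bytes (max comment length).
    start = max(0, len(data) - (22 + 0xFFFF))
    pos = data.rfind(EOCD_SIG, start)
    if pos < 0:
        raise ValueError("no end-of-central-directory record")
    return pos


def check_zip_headers(data: bytes) -> list:
    """Return human-readable inconsistencies; an empty list means the local
    headers agree with the central directory and all data lies in-file."""
    problems = []
    size = len(data)
    eocd = _find_eocd(data)
    _, _, _, _, n_entries, cd_size, cd_offset, _ = struct.unpack_from(EOCD_FMT, data, eocd)
    if cd_offset + cd_size > eocd:
        return [f"central directory {cd_offset}+{cd_size} extends past EOCD at {eocd}"]
    pos = cd_offset
    for i in range(n_entries):
        if data[pos:pos + 4] != CENTRAL_SIG:
            problems.append(f"entry {i}: bad central directory signature at {pos}")
            return problems
        (_, _, _, _, _, _, _, _, c_csize, _, c_fn_len, c_extra_len,
         c_cmt_len, _, _, _, lho) = struct.unpack_from(CENTRAL_FMT, data, pos)
        name = data[pos + 46:pos + 46 + c_fn_len]
        pos += 46 + c_fn_len + c_extra_len + c_cmt_len
        # The local header is what getRecordOffset() trusts; verify it exists.
        if lho + 30 > size or data[lho:lho + 4] != LOCAL_SIG:
            problems.append(f"{name!r}: no local header at offset {lho}")
            continue
        *_, l_fn_len, l_extra_len = struct.unpack_from(LOCAL_FMT, data, lho)
        l_name = data[lho + 30:lho + 30 + l_fn_len]
        if l_fn_len != c_fn_len or l_name != name:
            problems.append(f"{name!r}: local filename_len {l_fn_len} != central {c_fn_len}")
        if l_extra_len != c_extra_len:
            problems.append(f"{name!r}: local extra_len {l_extra_len} != central {c_extra_len}")
        # This is the offset a loader would compute from the local header;
        # the record must end before the central directory begins.
        data_offset = lho + 30 + l_fn_len + l_extra_len
        if data_offset + c_csize > cd_offset:
            problems.append(f"{name!r}: data at {data_offset}+{c_csize} "
                            f"exceeds central directory start {cd_offset} (file size {size})")
    return problems


def check_file(path: str) -> list:
    """Validate a .pt/.zip file on disk before handing it to torch.load()."""
    with open(path, "rb") as f:
        return check_zip_headers(f.read())


def make_sample_zip(entries: dict) -> bytes:
    """Constructed sample: an uncompressed archive like a small torch checkpoint."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    sample = make_sample_zip({"archive/version": b"3\n", "archive/data/0": bytes(64)})
    print(check_zip_headers(sample) or "headers consistent")
```

The ZIP specification allows the local and central extra fields to differ (zip64 extension records are the usual case), so an extra_len mismatch on its own is a prompt to inspect the file rather than proof of tampering; the data-offset bound check is the one that directly rejects the out-of-range offset this PoC demonstrates. The validator does not parse zip64 records, so archives over 4 GiB need the 64-bit EOCD handled separately.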