| # PoC: getRecordOffset() Integer Overflow via Local Header Manipulation | |
| **Vulnerability:** `inline_container.cc:634-637` — `getRecordOffset()` reads `filename_len` and `extra_len` from the ZIP local file header without cross-validating against the central directory. A crafted `.pt` file with modified local header fields causes the function to return a wrong offset, leading to OOB access, silent data corruption, or DoS via `torch.load(mmap=True)`. On 32-bit platforms, `mz_uint64` → `size_t` truncation silently wraps the offset. | |
| ## Files | |
| - `poc_record_offset_overflow.py` — Full PoC (wrong offset demo, mmap impact, within-file corruption, overflow analysis) | |
| ## Quick Start | |
| ```bash | |
| pip install torch | |
| python poc_record_offset_overflow.py | |
| ``` | |
| ## Expected Output | |
| - Part 1: `get_record_offset()` returns 66175 for a 1563-byte file (past EOF by 64612 bytes) | |
| - Part 2: `torch.load(mmap=True)` fails with RuntimeError (DoS) | |
| - Part 3: Within-file offset reads version record as tensor data → garbage values | |
| - Part 4: 32-bit truncation and 64-bit overflow analysis | |
| - Part 5: Vulnerable code and suggested fix | |