# PoC: getRecordOffset() Integer Overflow via Local Header Manipulation

**Vulnerability:** `inline_container.cc:634-637` — `getRecordOffset()` reads `filename_len` and `extra_len` from the ZIP local file header without cross-validating against the central directory. A crafted `.pt` file with modified local header fields causes the function to return a wrong offset, leading to OOB access, silent data corruption, or DoS via `torch.load(mmap=True)`. On 32-bit platforms, the `mz_uint64` → `size_t` truncation silently wraps the offset.

## Files

- `poc_record_offset_overflow.py` — Full PoC (wrong offset demo, mmap impact, within-file corruption, overflow analysis)

## Quick Start

```bash
pip install torch
python poc_record_offset_overflow.py
```

## Expected Output

- Part 1: `get_record_offset()` returns 66175 for a 1563-byte file (past EOF by 64612 bytes)
- Part 2: `torch.load(mmap=True)` fails with RuntimeError (DoS)
- Part 3: Within-file offset reads the version record as tensor data → garbage values
- Part 4: 32-bit truncation and 64-bit overflow analysis
- Part 5: Vulnerable code and suggested fix
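The cross-validation the fix calls for can be stated outside PyTorch as a stand-alone consistency check over the container's ZIP structures. The Python below is an added example, not code from the PoC or from PyTorch: `check_local_headers()` (a name assumed here) locates the end-of-central-directory record, walks the central directory, reads each local file header at the offset the central entry records, and flags any record whose data region, computed the way `getRecordOffset()` computes it from the local `filename_len` and `extra_len`, runs past the central directory or overlaps a neighbouring record. The two-record archive from `build_archive()` and the `inflate_local_extra_len()` fixture are constructed with Python's `zipfile` for the demonstration and are not real `.pt` files. The check compares filenames and data regions rather than demanding byte-equal extra fields because the ZIP format allows a local extra field to differ from the central one (a writer may use it for alignment padding), so equality alone would produce false positives on legitimate containers.

```python
import io
import struct
import zipfile

# Fixed-size parts of the three ZIP structures the check walks (layouts from the ZIP spec).
LOCAL_SIG = 0x04034B50
CENTRAL_SIG = 0x02014B50
EOCD_SIG = b"PK\x05\x06"
LOCAL_HDR = struct.Struct("<IHHHHHIIIHH")          # 30 bytes; [9]=filename_len, [10]=extra_len
CENTRAL_HDR = struct.Struct("<IHHHHHHIIIHHHHHII")  # 46 bytes; [8]=comp_size, [10..12]=lens, [16]=local_off
EOCD_TAIL = struct.Struct("<HII")                  # entries_total, cd_size, cd_offset at EOCD+10


def check_local_headers(data: bytes) -> list:
    """Cross-validate every local file header against the central directory.

    Returns a list of findings; an empty list means each record's data region,
    computed from its *local* filename_len/extra_len, lies inside the file body
    and does not overlap another record.
    """
    findings = []
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0 or eocd + 22 > len(data):
        return ["no end-of-central-directory record"]
    n_entries, cd_size, cd_offset = EOCD_TAIL.unpack_from(data, eocd + 10)
    if cd_offset + cd_size > eocd:
        return ["central directory extends past its own end record"]

    regions = []  # (start, end, name): bytes each record claims, local header included
    pos = cd_offset
    for _ in range(n_entries):
        if pos + CENTRAL_HDR.size > eocd:
            findings.append("central directory truncated")
            break
        c = CENTRAL_HDR.unpack_from(data, pos)
        if c[0] != CENTRAL_SIG:
            findings.append(f"bad central header signature at offset {pos}")
            break
        comp_size, local_off = c[8], c[16]
        name = data[pos + CENTRAL_HDR.size : pos + CENTRAL_HDR.size + c[10]]
        pos += CENTRAL_HDR.size + c[10] + c[11] + c[12]

        # The central entry says where the local header is; read it, but bound every field it carries.
        if local_off + LOCAL_HDR.size > cd_offset:
            findings.append(f"{name!r}: local header offset {local_off} is outside the file body")
            continue
        l = LOCAL_HDR.unpack_from(data, local_off)
        if l[0] != LOCAL_SIG:
            findings.append(f"{name!r}: no local header signature at offset {local_off}")
            continue
        local_name = data[local_off + LOCAL_HDR.size : local_off + LOCAL_HDR.size + l[9]]
        if local_name != name:
            findings.append(f"{name!r}: local filename {local_name!r} differs from central directory")
        data_off = local_off + LOCAL_HDR.size + l[9] + l[10]  # what getRecordOffset() computes
        end = data_off + comp_size
        if end > cd_offset:
            findings.append(f"{name!r}: data region [{data_off}, {end}) runs past the central directory at {cd_offset}")
        regions.append((local_off, end, name))

    # An inflated extra_len/filename_len that still lands inside the file shifts one
    # record's data region onto a neighbour's bytes (the within-file case); catch it as an overlap.
    regions.sort()
    for (s1, e1, n1), (s2, _e2, n2) in zip(regions, regions[1:]):
        if e1 > s2:
            findings.append(f"{n1!r}: data region overlaps {n2!r} at offset {s2}")
    return findings


def build_archive() -> bytes:
    """Constructed two-record archive standing in for a .pt container (not a real PyTorch file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("model/version", b"3\n")
        zf.writestr("model/data/0", bytes(range(64)))
    return buf.getvalue()


def inflate_local_extra_len(data: bytes, name: str, new_extra_len: int) -> bytes:
    """Constructed test fixture: rewrite extra_len in one record's local header only,
    leaving the central directory intact, which is the inconsistency the check must catch."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        local_off = zf.getinfo(name).header_offset
    out = bytearray(data)
    struct.pack_into("<H", out, local_off + 28, new_extra_len)  # extra_len lives at bytes 28..29
    return bytes(out)


if __name__ == "__main__":
    clean = build_archive()
    cases = {
        "intact": clean,
        "extra_len past EOF": inflate_local_extra_len(clean, "model/version", 0xFFFF),
        "extra_len within file": inflate_local_extra_len(clean, "model/version", 44),
    }
    for label, blob in cases.items():
        print(f"{label}: {check_local_headers(blob) or 'OK'}")
```

The overlap check is what distinguishes this from a plain bounds check: with `extra_len` set to 44 the version record's data region still ends well before the central directory, so an `end <= cd_offset` test alone passes, yet the region now covers the bytes of `model/data/0`, which is exactly the garbage-tensor outcome the PoC's Part 3 describes. Rejecting any archive with a non-empty findings list before handing it to a loader is the conservative policy.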