YAML Metadata Warning:empty or missing yaml metadata in repo card
Check out the documentation for more information.
BUG11 โ ExecuTorch allocateList nullptr write (null deref crash)
Missing nullptr check after allocateList<EValue*>() in Method::parse_values
(runtime/executor/method.cpp:514-532) causes SIGSEGV when loading a crafted .pte
model with a large IntList that exhausts the method allocator.
- Repo: https://github.com/pytorch/executorch
- Latest commit tested: 968fff9821f9cf8ebe9dc547ee454f2bb2c51a87 (origin/main)
- Pinned comparison: f3b66dccdef22d6c6d35bbfe76a3afaf433dddb2 (code identical)
- Vulnerable code: runtime/executor/method.cpp:514-532
- Severity: Medium (null pointer write / DoS, CWE-476)
Reproduce
python3 generate_poc_bug11.py # writes poc_bug11.pte (~400KB, 50K IntList)
# build executorch_core, compile bug11_harness with 32KB method allocator
./bug11_harness poc_bug11.pte # -> SIGSEGV (exit 139)
Result
SIGSEGV at method.cpp:532: evalp_list[j] = &values_[...]; (evalp_list = 0x0)
PoC SHA256: fbca918f2e4b7c297840c93ca0c29ddb9db2a712f9af1447218ffa0f09b0be7f
- Downloads last month
- 5
Inference Providers NEW
This model isn't deployed by any Inference Provider. ๐ Ask for provider support