Instructions to use Hironabe333/gguf-tensor-type-enum-abort-poc with libraries, inference providers, notebooks, and local apps. Follow these links to get started.
- Libraries
- llama-cpp-python
How to use Hironabe333/gguf-tensor-type-enum-abort-poc with llama-cpp-python:
# !pip install llama-cpp-python from llama_cpp import Llama llm = Llama.from_pretrained( repo_id="Hironabe333/gguf-tensor-type-enum-abort-poc", filename="baseline.gguf", )
output = llm( "Once upon a time,", max_tokens=512, echo=True ) print(output)
- Notebooks
- Google Colab
- Kaggle
- Local Apps Settings
- llama.cpp
How to use Hironabe333/gguf-tensor-type-enum-abort-poc with llama.cpp:
Install (macOS, Linux)
curl -LsSf https://llama.app/install.sh | sh # Start a local OpenAI-compatible server with a web UI: llama serve -hf Hironabe333/gguf-tensor-type-enum-abort-poc # Run inference directly in the terminal: llama cli -hf Hironabe333/gguf-tensor-type-enum-abort-poc
Install from WinGet (Windows)
winget install llama.cpp # Start a local OpenAI-compatible server with a web UI: llama serve -hf Hironabe333/gguf-tensor-type-enum-abort-poc # Run inference directly in the terminal: llama cli -hf Hironabe333/gguf-tensor-type-enum-abort-poc
Use pre-built binary
# Download pre-built binary from: # https://github.com/ggerganov/llama.cpp/releases # Start a local OpenAI-compatible server with a web UI: ./llama-server -hf Hironabe333/gguf-tensor-type-enum-abort-poc # Run inference directly in the terminal: ./llama-cli -hf Hironabe333/gguf-tensor-type-enum-abort-poc
Build from source code
git clone https://github.com/ggerganov/llama.cpp.git cd llama.cpp cmake -B build cmake --build build -j --target llama-server llama-cli # Start a local OpenAI-compatible server with a web UI: ./build/bin/llama-server -hf Hironabe333/gguf-tensor-type-enum-abort-poc # Run inference directly in the terminal: ./build/bin/llama-cli -hf Hironabe333/gguf-tensor-type-enum-abort-poc
Use Docker
docker model run hf.co/Hironabe333/gguf-tensor-type-enum-abort-poc
- LM Studio
- Jan
- Ollama
How to use Hironabe333/gguf-tensor-type-enum-abort-poc with Ollama:
ollama run hf.co/Hironabe333/gguf-tensor-type-enum-abort-poc
- Unsloth Studio
How to use Hironabe333/gguf-tensor-type-enum-abort-poc with Unsloth Studio:
Install Unsloth Studio (macOS, Linux, WSL)
curl -fsSL https://unsloth.ai/install.sh | sh # Run unsloth studio unsloth studio -H 0.0.0.0 -p 8888 # Then open http://localhost:8888 in your browser # Search for Hironabe333/gguf-tensor-type-enum-abort-poc to start chatting
Install Unsloth Studio (Windows)
irm https://unsloth.ai/install.ps1 | iex # Run unsloth studio unsloth studio -H 0.0.0.0 -p 8888 # Then open http://localhost:8888 in your browser # Search for Hironabe333/gguf-tensor-type-enum-abort-poc to start chatting
Using HuggingFace Spaces for Unsloth
# No setup required # Open https://huggingface.co/spaces/unsloth/studio in your browser # Search for Hironabe333/gguf-tensor-type-enum-abort-poc to start chatting
- Atomic Chat new
- Docker Model Runner
How to use Hironabe333/gguf-tensor-type-enum-abort-poc with Docker Model Runner:
docker model run hf.co/Hironabe333/gguf-tensor-type-enum-abort-poc
- Lemonade
How to use Hironabe333/gguf-tensor-type-enum-abort-poc with Lemonade:
Pull the model
# Download Lemonade from https://lemonade-server.ai/ lemonade pull Hironabe333/gguf-tensor-type-enum-abort-poc
Run and chat with the model
lemonade run user.gguf-tensor-type-enum-abort-poc-{{QUANT_TAG}}List all available models
lemonade list
YAML Metadata Warning:empty or missing yaml metadata in repo card
Check out the documentation for more information.
GGUF tensor info type field out-of-range SIGABRT β PoC
Finding: GGUF tensor info per-tensor type field (ggml_type enum) out-of-range causes C runtime SIGABRT while Python reader rejects safely
Round: ROUND_AI378/AI379
Target: GGUF (.gguf) β llama-cpp-python / llama.cpp (huntr MFV)
Affected version: llama-cpp-python 0.2.90 (llama.cpp commit 1d1ccce67613674c75c9c7e3fa4c1e24e428ba48)
1. Summary
A GGUF model file contains a tensor info section where each tensor entry includes a type field encoding a ggml_type enum value. In llama-cpp-python 0.2.90, the C runtime (gguf_init_from_file) reads and dispatches on this per-tensor type field without first validating that it falls within the valid enum range. Placing an out-of-range value (such as 255, 99, or 50) in the tensor type field causes the process to abort with SIGABRT (exit -6). The Python gguf library (v0.19.0) rejects the same files safely with a ValueError.
This finding is distinct from the previously submitted GGUF KV entry type enum issue (ROUND_AI377). That issue mutated the per-KV type field in the KV metadata body and crashed at gguf_init_from_file+0x3d8. This issue mutates the per-tensor type field in the tensor info section and crashes at gguf_init_from_file+0xfac.
2. Environment
| Component | Version |
|---|---|
| OS | Linux aarch64 (Ubuntu 22.04) |
| Python | 3.10.12 |
| llama-cpp-python | 0.2.90 |
| llama.cpp commit | 1d1ccce67613674c75c9c7e3fa4c1e24e428ba48 |
| gguf (Python library) | 0.19.0 |
3. Root Cause
The GGUF format's tensor info section contains one entry per tensor. Each entry has the structure:
name_len (uint64_le) β byte length of tensor name
name (uint8[]) β tensor name bytes
n_dims (uint32_le) β number of dimensions
dims (uint64_le Γ n_dims) β dimension sizes
type (uint32_le) β ggml_type enum value β VULNERABLE FIELD
offset (uint64_le) β data offset
The type field encodes the tensor's quantization format as a ggml_type enum. Valid values are defined by GGMLQuantizationType in the Python library. In llama-cpp-python 0.2.90, the C runtime reads this field and uses it in a dispatch operation without checking whether the value is within the valid enum range. Out-of-range values cause abort() to be called, producing SIGABRT (exit -6).
4. Affected Field
| Property | Value |
|---|---|
| Field name | tensor info type (per-tensor) |
| Field type | uint32_le |
| Binary offset in PoC | 457 |
| Section | Tensor info section (after KV metadata body) |
| Enum class | ggml_type / GGMLQuantizationType |
| Crash offset | gguf_init_from_file+0xfac |
5. Binary Layout
In the PoC GGUF file (512 bytes):
Offset Size Field
0 4 magic (GGUF)
4 4 version (3)
8 8 tensor_count
16 8 kv_count
24 β¦ KV metadata entries (not mutated)
412 β¦ Tensor info section begins
412 8 name_len = 17
420 17 name = "token_embd.weight"
437 4 n_dims = 2
441 16 dims
457 4 type β MUTATED FIELD (baseline=0, mutants=255/99/50)
461 8 offset
6. Reproduction Steps
pip install llama-cpp-python==0.2.90 gguf==0.19.0
python reproduce.py
To inspect binary layout and confirm mutation scope:
python inspect_artifacts.py
7. Expected Results
baseline.gguf(type=0): C runtime exits 0 or raises non-crash Python exception; Python gguf reader returns OKtensor_type_0xff.gguf(type=255): Python gguf reader raisesValueError: GGMLQuantizationType; C runtime exits cleanlytensor_type_99.gguf(type=99): Python gguf reader raisesValueError; C runtime exits cleanlytensor_type_50.gguf(type=50): Python gguf reader raisesValueError; C runtime exits cleanly
8. Observed Results
| File | Python gguf 0.19.0 | C runtime (3 runs) |
|---|---|---|
| baseline.gguf | OK (type=0) | exit 0, 0, 0 |
| tensor_type_0xff.gguf | ValueError: GGMLQuantizationType | -6, -6, -6 (SIGABRT) |
| tensor_type_99.gguf | ValueError: GGMLQuantizationType | -6, -6, -6 (SIGABRT) |
| tensor_type_50.gguf | ValueError: GGMLQuantizationType | -6, -6, -6 (SIGABRT) |
9/9 SIGABRT on mutant files.
9. Distinctness from Prior GGUF Findings
This finding is distinct from all prior GGUF submissions:
| Dimension | This finding | ROUND_AI377 (KV type enum) | ROUND_AI371 (kv_count) |
|---|---|---|---|
| Mutated field | Per-tensor type in tensor info |
Per-KV type in KV body |
kv_count in header |
| Binary section | Tensor info section | KV metadata body | GGUF header |
| Enum class | GGMLQuantizationType |
GGUFValueType |
N/A (count field) |
| Crash offset | +0xfac |
+0x3d8 |
ggml.c:366 |
| Python exception | ValueError: GGMLQuantizationType |
ValueError: GGUFValueType |
IndexError |
| Required fix | Range-check tensor-info ggml_type | Range-check KV-entry gguf_type | Validate kv_count bounds |
10. Non-Claims
- This report does not claim arbitrary code execution (RCE/ACE)
- This report does not claim memory corruption
- This report does not claim data exfiltration
- This report does not claim all GGUF consumers are affected
- This report is version-scoped to llama-cpp-python 0.2.90 (tested behavior)
- This report does not claim current/latest llama-cpp-python is affected
- This report does not claim High, Critical, or specific CVSS scores
Impact is limited to deterministic process abort / denial of service on the confirmed version.
11. Recommendation
Add an explicit range check on the tensor info type field before dispatch:
if (info->type >= GGML_TYPE_COUNT) {
GGML_LOG_ERROR("%s: invalid ggml_type %d for tensor '%s'\n",
__func__, info->type, info->name.data);
ok = false;
break;
}
This check is analogous to the fix recommended for the KV entry type field (ROUND_AI377) but applied to the tensor info section rather than the KV metadata body.
Files
| File | Description |
|---|---|
baseline.gguf |
Baseline GGUF β tensor type=0 (valid) |
tensor_type_0xff.gguf |
Mutant β tensor type=255 (out-of-range) |
tensor_type_99.gguf |
Mutant β tensor type=99 (out-of-range) |
tensor_type_50.gguf |
Mutant β tensor type=50 (out-of-range) |
reproduce.py |
Demonstrates Python/C runtime differential |
inspect_artifacts.py |
Verifies mutation scope and binary offsets |
runtime_results.json |
Runtime evidence (9/9 SIGABRT) |
hash_matrix.json |
SHA256 + mutation metadata |
distinctness_matrix.json |
Distinctness vs 3 prior GGUF submissions |
route_framing.json |
Route/reward/non-claims metadata |
SHA256SUMS.txt |
File integrity checksums |
- Downloads last month
- -
We're not able to determine the quantization variants.