ReLrO
/

tensorrt-oob-deserialize-poc

Model card Files Files and versions

YAML Metadata Warning:empty or missing yaml metadata in repo card

Check out the documentation for more information.

TensorRT Plugin Deserialization OOB Read PoC

Vulnerability

Out-of-bounds memory access in TensorRT plugin deserialization due to:

read<T>() in plugin.h:100-108 — Zero bounds checking on the primary deserialization primitive used by 30+ plugins
serialize.hpp assert-only checks — assert() is compiled out in release builds (NDEBUG), leaving zero bounds checking in production

Files

poc_tensorrt_serialize.cpp — Standalone PoC extracting vulnerable code from TensorRT source

Reproduction

# Build in release mode (NDEBUG — matching production TensorRT):
g++ -fsanitize=address -g -DNDEBUG -std=c++17 -o poc_release poc_tensorrt_serialize.cpp

# Run:
./poc_release

Expected ASAN Output

==PID==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x...
READ of size 4 at 0x... thread T0
    #0 in int read<int, char>(char const*&) poc_tensorrt_serialize.cpp:171
    #1 in poc_read_oob() poc_tensorrt_serialize.cpp:213

Tested On

TensorRT latest commit from default branch (2026-02-27)

Downloads last month: -; Downloads are not tracked for this model. How to track

Inference Providers NEW

This model isn't deployed by any Inference Provider. 🙋 Ask for provider support