Samsung Circle Format β Missing FlatBuffer Verification PoC
Bug
onert-micro runtime calls circle::GetModel() WITHOUT VerifyModelBuffer().
Three code paths skip verification:
OMCircleReader.cpp:64ModuleLoader.cpp:27onert-micro.cpp:238
Crafted .circle files with invalid FlatBuffer offsets cause arbitrary OOB memory access.
Files
unverified_model.circleβ Invalid root table offset (0x7FFFFFFF)truncation_attack.circleβ Negative vtable offset causing OOB
Also: int size truncation
BaseLoader.h:218: int size = file_stat.st_size truncates files > 2GB,
bypassing FlatBuffer verification for content past 2GB boundary.
Inference Providers NEW
This model isn't deployed by any Inference Provider. π Ask for provider support