YAML Metadata Warning:empty or missing yaml metadata in repo card
Check out the documentation for more information.
Caffe CWE-789: OOM DoS via INT_MAX Boundary Case in Blob::Reshape()
Status: CONFIRMED β READY TO SUBMIT
Severity: High (P2) β Denial of Service
Target
- Repo: BVLC/caffe
- Platform: huntr.com
- Format:
.caffemodel(protobuf)
Root Cause
The overflow guard in Blob::Reshape() has a boundary condition that allows INT_MAX through:
// src/caffe/blob.cpp:26-28
CHECK_LE(shape[i], INT_MAX / count_); // count_=1: INT_MAX <= INT_MAX β PASSES
count_ *= shape[i]; // count_ = 2,147,483,647
// blob.cpp:34-35
data_.reset(new SyncedMemory(capacity_ * sizeof(Dtype))); // ~8 GB β NO CAP
diff_.reset(new SyncedMemory(capacity_ * sizeof(Dtype))); // ~8 GB β NO CAP
Total allocation attempt: ~16 GB β std::bad_alloc / OOM-kill.
Trigger Path
caffe.Net('deploy.prototxt', 'caffe_oom.caffemodel', caffe.TEST)
β Net::CopyTrainedLayersFrom() [net.cpp:991]
β Blob::FromProto(proto, reshape=true) [blob.cpp:285]
β Blob::Reshape(vector<int>) [blob.cpp:21]
β new SyncedMemory(8,589,934,588) [blob.cpp:35]
β CaffeMallocHost(8589934588)
β malloc() β ENOMEM β std::bad_alloc β SIGABRT
Vulnerable Files
| File | Line | Issue |
|---|---|---|
src/caffe/blob.cpp |
26-28 | Boundary case: guard passes for shape[i]=INT_MAX, count_=1 |
src/caffe/blob.cpp |
34-35 | SyncedMemory alloc with no size cap |
src/caffe/net.cpp |
1014 | FromProto(reshape=true) triggers allocation |
PoC Files
poc_caffe_oom.pyβ buildscaffe_oom.caffemodeland documents triggercaffe_oom.caffemodelβ generated by script
Reproduction
python poc_caffe_oom.py
# With caffe bindings:
import caffe
caffe.Net('deploy.prototxt', 'caffe_oom.caffemodel', caffe.TEST)
Fix
constexpr int64_t kMaxBlobCount = 1LL << 28; // 256M elements
CHECK_LE(count_, kMaxBlobCount) << "blob size exceeds safe limit";
Inference Providers NEW
This model isn't deployed by any Inference Provider. π Ask for provider support