metadata
tags:
- security
- proof-of-concept
- joblib
- dos
Joblib inline shape allocation PoC
This repository contains a benign security research proof of concept for a tiny Joblib artifact that triggers a large allocation attempt during normal joblib.load() parsing.
Files:
- joblib-inline-shape-1200m.joblib
- build_poc.py
Reproduction:
OPENBLAS_NUM_THREADS=1 OMP_NUM_THREADS=1 MKL_NUM_THREADS=1 bash -lc '
ulimit -v 300000
python3 - <<'"'"'PY'"'"'
import joblib
joblib.load("joblib-inline-shape-1200m.joblib")
PY
'
Expected observable:
- joblib.load() raises an allocation failure for about 1.12 GiB
- on a looser memory limit, the same path later reaches EOF: reading array data, showing validation happens after allocation
This repository is for defensive security validation and triage only.
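For triage, the load can be run in a child process under the same address-space cap as the reproduction, so the allocation attempt is contained and the outcome is reported as a verdict. This is an added example, not part of the repository; `triage_load`, its verdict strings and the `loader` parameter are names assumed here.

```python
import os
import subprocess
import sys

# Child bootstrap (constructed for this example): cap the address space, then
# run the loader statement. Exit 0 = loaded, 3 = allocation refused, 4 = other.
_CHILD = """
import resource, sys
cap = int(sys.argv[1])
hard = resource.getrlimit(resource.RLIMIT_AS)[1]
soft = cap if hard == resource.RLIM_INFINITY else min(cap, hard)
resource.setrlimit(resource.RLIMIT_AS, (soft, hard))
try:
    exec(sys.argv[2], {"PATH": sys.argv[3]})
except MemoryError as exc:
    print(f"{type(exc).__name__}: {exc}", file=sys.stderr)
    sys.exit(3)
except Exception as exc:
    print(f"{type(exc).__name__}: {exc}", file=sys.stderr)
    sys.exit(4)
"""

# The call from the reproduction; PATH is bound to the artifact path in the child.
JOBLIB_LOADER = "import joblib; joblib.load(PATH)"
VERDICTS = {0: "loaded", 3: "allocation-refused", 4: "load-error"}


def triage_load(path, cap_kib=300_000, loader=JOBLIB_LOADER, timeout=60):
    """Load `path` in a capped child process; return (verdict, child stderr)."""
    # Same single-thread settings as the reproduction command.
    env = dict(os.environ, OPENBLAS_NUM_THREADS="1", OMP_NUM_THREADS="1",
               MKL_NUM_THREADS="1")
    proc = subprocess.run(
        [sys.executable, "-c", _CHILD, str(cap_kib * 1024), loader, str(path)],
        capture_output=True, text=True, timeout=timeout, env=env,
    )
    return VERDICTS.get(proc.returncode, "crashed"), proc.stderr.strip()


if __name__ == "__main__":
    verdict, detail = triage_load(sys.argv[1])
    print(verdict, detail, sep="\n")
```

The default `cap_kib` matches `ulimit -v 300000`; raising it corresponds to the looser memory limit mentioned above. The cap relies on `RLIMIT_AS`, so the harness is Unix-only.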