--- tags: - security - proof-of-concept - joblib - dos --- # Joblib inline shape allocation PoC This repository contains a benign security research proof of concept for a tiny Joblib artifact that triggers a large allocation attempt during normal `joblib.load()` parsing. Files: - `joblib-inline-shape-1200m.joblib` - `build_poc.py` Reproduction: ```bash OPENBLAS_NUM_THREADS=1 OMP_NUM_THREADS=1 MKL_NUM_THREADS=1 bash -lc ' ulimit -v 300000 python3 - <<'"'"'PY'"'"' import joblib joblib.load("joblib-inline-shape-1200m.joblib") PY ' ``` Expected observable: - `joblib.load()` raises an allocation failure for about `1.12 GiB` - on a looser memory limit, the same path later reaches `EOF: reading array data`, showing validation happens after allocation This repository is for defensive security validation and triage only.