ORC ZLIB binary-field memory-bomb PoC

This repository hosts a benign security research PoC for an ORC parser denial of service.

Files

  • orc-zlib-binary-200m.orc

Reproduction

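python3 - <<'PY'
import pyorc
from pathlib import Path

p = Path("orc-zlib-binary-200m.orc")
with open(p, "rb") as f:
    reader = pyorc.Reader(f)
    # Reading the first row forces the ZLIB-compressed binary column to be inflated.
    row = next(iter(reader))
    # Length in bytes of the decompressed binary field.
    print(len(row[0]))
PY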

Observed on the research machine:

  • on-disk file size is about 973 KB
  • decompressed binary field size is 200 MB
  • under a 350 MB cap the parser fails with "Could not allocate bytes object!"
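
One way to contain this kind of file on the consuming side is to do the read in a memory-capped worker process, so that an oversized field fails inside the worker instead of exhausting the host. The sketch below is an added example, not code from this repository. It assumes Linux and that the cap is an address-space limit (RLIMIT_AS); run_capped and first_field_len are hypothetical helper names, and the 600 MB allocation in the demo is a constructed stand-in for the oversized field.

```python
import resource
import subprocess
import sys

CAP_BYTES = 350 * 1024 * 1024  # the 350 MB cap quoted on this page

# Same read as the Reproduction snippet; pyorc is needed in the child only.
READ_FIRST_FIELD = (
    "import sys, pyorc\n"
    "with open(sys.argv[1], 'rb') as f:\n"
    "    print(len(next(iter(pyorc.Reader(f)))[0]))\n"
)


def run_capped(code, args=(), cap_bytes=CAP_BYTES, timeout=60):
    """Run Python `code` in a child whose address space is capped.

    Returns (returncode, stdout, stderr). Assumes a platform that
    enforces RLIMIT_AS (Linux).
    """
    def limit():
        # Lower only the soft limit and never ask for more than the hard limit.
        _, hard = resource.getrlimit(resource.RLIMIT_AS)
        soft = cap_bytes if hard == resource.RLIM_INFINITY else min(cap_bytes, hard)
        resource.setrlimit(resource.RLIMIT_AS, (soft, hard))

    proc = subprocess.run(
        [sys.executable, "-c", code, *args],
        preexec_fn=limit, capture_output=True, text=True, timeout=timeout,
    )
    return proc.returncode, proc.stdout, proc.stderr


def first_field_len(path, cap_bytes=CAP_BYTES):
    """Length of row[0] of an untrusted ORC file, or None if the capped
    worker exited with an error (allocation refused, pyorc missing, ...)."""
    rc, out, _ = run_capped(READ_FIRST_FIELD, [str(path)], cap_bytes)
    return int(out) if rc == 0 else None


if __name__ == "__main__":
    # Constructed stand-in for the oversized field: a 600 MB request under the cap.
    rc, _, err = run_capped("bytearray(600 * 1024 * 1024)")
    print(rc, err.strip().splitlines()[-1] if err else "")
```

A None result from first_field_len means the worker failed and the file should be treated as rejected; the parent process keeps running either way.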

Safety note

This artifact is a non-executable malformed model-file PoC for parser-stress testing only.
