ORC ZLIB binary-field memory-bomb PoC
This repository hosts a benign security research PoC for an ORC parser denial of service.
Files
orc-zlib-binary-200m.orc
Reproduction
python3 - <<'PY'
import pyorc
from pathlib import Path

p = Path("orc-zlib-binary-200m.orc")
with open(p, "rb") as f:
    reader = pyorc.Reader(f)
    # Reading the first row materializes the whole binary field in memory.
    row = next(iter(reader))
    print(len(row[0]))
PY
Observed on the research machine:
- on-disk file size is about 973 KB
- decompressed binary field size is 200 MB
- under a 350 MB cap the parser fails with `Could not allocate bytes object!`
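A defensive pre-check for the condition observed above, as an added example that is not code from this repository: it walks the compression chunks of one ZLIB-compressed ORC stream and counts inflated bytes 64 KiB at a time, stopping once a caller-chosen budget is passed. It assumes the chunk framing from the ORC specification (3-byte little-endian header holding compressedLength * 2 + isOriginal, raw DEFLATE body); the names `orc_chunk`, `inflated_size`, `BudgetExceeded` and the sample stream are constructed for illustration, and locating streams through the file footer is out of scope.

```python
import zlib

STEP = 64 * 1024  # upper bound on bytes inflated per decompress() call


class BudgetExceeded(Exception):
    """The stream inflates past the caller's byte budget."""


def orc_chunk(payload: bytes) -> bytes:
    """Frame payload as one ORC compression chunk (builds the sample input)."""
    co = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw DEFLATE, no zlib header
    body = co.compress(payload) + co.flush()
    original = len(body) >= len(payload)  # stored as-is if it did not shrink
    body = payload if original else body
    # 3-byte little-endian header: compressedLength * 2 + isOriginal
    return ((len(body) << 1) | original).to_bytes(3, "little") + body


def inflated_size(stream: bytes, budget: int) -> int:
    """Total inflated size of a run of chunks; aborts once budget is passed."""
    total = pos = 0
    while pos < len(stream):
        header = int.from_bytes(stream[pos:pos + 3], "little")
        length, original = header >> 1, header & 1
        body = stream[pos + 3:pos + 3 + length]
        if pos + 3 > len(stream) or len(body) != length:
            raise ValueError("truncated compression chunk")
        pos += 3 + length
        if original:
            total += length
        else:
            inflater = zlib.decompressobj(-15)
            while not inflater.eof:
                out = inflater.decompress(body, STEP)  # never more than STEP
                body = inflater.unconsumed_tail
                if not out and not body:
                    break  # input exhausted without an end-of-stream marker
                total += len(out)
                if total > budget:
                    raise BudgetExceeded(f"more than {budget} bytes inflated")
        if total > budget:
            raise BudgetExceeded(f"more than {budget} bytes inflated")
    return total


def constructed_stream(chunks: int = 64) -> bytes:
    """Constructed sample: `chunks` chunks of 256 KiB of zero bytes each."""
    return orc_chunk(bytes(256 * 1024)) * chunks
```

Because output is counted in bounded steps and discarded, the check itself never holds more than 64 KiB of inflated data, whatever the stream claims to contain.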
Safety note
This artifact is a non-executable malformed model-file PoC for parser-stress testing only.