Tensorizer zero-data shape amplification PoC
This repository contains a benign security research proof of concept for a Tensorizer model file that remains small on disk but drives large memory allocation during normal deserialization.
Files:
tensorizer-huge-shape-zero-meta.tensorsbuild_poc.py
Reproduction:
OPENBLAS_NUM_THREADS=1 OMP_NUM_THREADS=1 MKL_NUM_THREADS=1 /usr/bin/time -v \
python3 - <<'PY'
from tensorizer.serialization import TensorDeserializer
d = TensorDeserializer("tensorizer-huge-shape-zero-meta.tensors", num_readers=1)
t = d.get("w")
print("shape", tuple(t.shape), "dtype", t.dtype, "numel", t.numel())
d.close()
PY
Expected observable:
- the loader returns a tensor with shape
(1200000000,) - peak RSS grows to roughly
1.89 GBon the test machine
This repository is for defensive security validation and triage only.
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support