TFRecords BytesList value materialization DoS PoC
This repository contains a benign security research PoC for a .tfrecords
artifact that drives large protobuf materialization during
tf.train.BytesList.FromString(...).
Files:
- control_same_size.tfrecords
- malicious_byteslist_value_10000000.tfrecords
- reproduce.py
Observed behavior:
- control artifact:
  - parses successfully with one value item
- malicious artifact:
  - same size as control
  - parses successfully with 10,000,000 value items
  - increases peak RSS by about 407764 kB
  - takes about 14.62x the control parse time
Reproduction:
TF_PYTHON_BIN=/tmp/tf221clean/bin/python python3 build_poc.py
TF_PYTHON_BIN=/tmp/tf221clean/bin/python python3 reproduce.py
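As an added example, not code from this repository: a defender-side pre-check that walks the protobuf wire format of each TFRecord payload and counts the BytesList `value` entries before anything is materialized, so a record of the same byte size but with millions of tiny entries can be rejected by a count cap. The fixtures are constructed, their CRC fields are zeroed and not verified, and the 100,000 default cap is an assumed placeholder.

```python
import struct

def read_varint(buf, pos):
    # Decode a base-128 varint at buf[pos]; return (value, new_pos).
    result = shift = 0
    while pos < len(buf) and shift <= 63:
        b, pos = buf[pos], pos + 1
        result |= (b & 0x7F) << shift
        if not b & 0x80:
            return result, pos
        shift += 7
    raise ValueError("bad varint")

def count_byteslist_values(payload, max_items):
    # Count the repeated `value` (field 1) entries of a serialized BytesList by
    # walking the wire format, without materializing them. Stops early past max_items.
    pos = count = total = 0
    while pos < len(payload):
        key, pos = read_varint(payload, pos)
        field, wire = key >> 3, key & 7
        if wire != 2:  # BytesList carries only length-delimited bytes fields
            raise ValueError(f"unexpected wire type {wire} for field {field}")
        n, pos = read_varint(payload, pos)
        if pos + n > len(payload):
            raise ValueError("length-delimited field overruns payload")
        if field == 1:
            count, total = count + 1, total + n
            if count > max_items:
                return count, total  # caller rejects the record
        pos += n
    return count, total

def iter_tfrecord_payloads(data):
    # TFRecord framing: uint64 LE length, masked CRC32C of the length, payload,
    # masked CRC32C of the payload. The CRCs are not verified by this pre-check.
    pos = 0
    while pos + 12 <= len(data):
        (n,) = struct.unpack_from("<Q", data, pos)
        yield data[pos + 12:pos + 12 + n]
        pos += 16 + n

def tfrecords_within_cap(data, max_items=100_000):
    # True when every record's BytesList stays under the value-count cap (assumed default).
    return all(count_byteslist_values(p, max_items)[0] <= max_items
               for p in iter_tfrecord_payloads(data))

# Constructed fixtures (zeroed CRC fields), both 2002 payload bytes: one
# 1999-byte value versus 1001 empty values (tag 0x0a + length 0x00 each).
ONE_VALUE = struct.pack("<Q", 2002) + bytes(4) + b"\x0a\xcf\x0f" + b"A" * 1999 + bytes(4)
MANY_VALUES = struct.pack("<Q", 2002) + bytes(4) + b"\x0a\x00" * 1001 + bytes(4)
```

Run `tfrecords_within_cap` over the raw file bytes before handing any record to `tf.train.BytesList.FromString(...)`.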