# llama.cpp DeepSeek-OCR window int overflow PoC

> ⚠️ Security research artifact — gated to ProtectAI/huntr triage. Malicious GGUF demonstrating signed integer overflow in `llama.cpp tools/mtmd/models/deepseekocr.cpp`.

## Submission

huntr.com Model File Vulnerabilities (MFV) — submitted by `heehee0219`.

## Source

Derived from [`ggml-org/DeepSeek-OCR-GGUF`](https://huggingface.co/ggml-org/DeepSeek-OCR-GGUF) `mmproj-DeepSeek-OCR-Q8_0.gguf` with a single 4-byte attacker patch:

- KV `clip.vision.window_size` value: `14 → 65536`

## Trigger

Loading this mmproj into `llama-mtmd-cli` triggers UBSAN-detected signed integer overflow at `deepseekocr.cpp:84` (`q_size * k_size = 65536 * 65536` wraps int32 to 0) during warmup graph build, leading to ggml_abort.

```
deepseekocr.cpp:84:27: runtime error: signed integer overflow: 65536 * 65536 cannot be represented in type 'int'
SUMMARY: UBSAN: undefined-behavior
[Aborted]
```
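
One way to guard the multiplication reported above, as an added example that is not code from llama.cpp or from the huntr submission: the helper name `checked_window_area` is hypothetical, and it assumes `q_size` and `k_size` both derive from `clip.vision.window_size`, as the UBSan message suggests.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical helper (not llama.cpp code): multiply two sizes that came from
 * untrusted GGUF metadata, refusing anything whose product does not fit in int.
 * Returns 0 and stores the product in *out on success, -1 on rejection. */
static int checked_window_area(int q_size, int k_size, int *out)
{
    /* A window size must be positive; this also keeps the division below safe. */
    if (q_size <= 0 || k_size <= 0)
        return -1;
    /* For positive operands: q_size * k_size > INT_MAX  <=>  q_size > INT_MAX / k_size.
     * The test is done with a division, so no overflowing multiply is ever evaluated. */
    if (q_size > INT_MAX / k_size)
        return -1;
    *out = q_size * k_size;
    return 0;
}

int main(void)
{
    /* Constructed inputs: the original KV value and the patched value from this page. */
    const int sizes[] = { 14, 65536 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        int area;
        if (checked_window_area(sizes[i], sizes[i], &area) == 0)
            printf("window_size=%d -> q_size*k_size=%d\n", sizes[i], area);
        else
            printf("window_size=%d rejected before graph build\n", sizes[i]);
    }
    return 0;
}
```

With a check of this kind at model load, the patched file is refused with an ordinary error instead of reaching the `int` multiplication.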

See full huntr submission for details.