# llama.cpp DeepSeek-OCR window int overflow PoC
> ⚠️ Security research artifact — gated to ProtectAI/huntr triage. Malicious GGUF demonstrating a signed integer overflow in llama.cpp's `tools/mtmd/models/deepseekocr.cpp`.
## Submission
huntr.com Model File Vulnerabilities (MFV) — submitted by `heehee0219`.
## Source
Derived from [`ggml-org/DeepSeek-OCR-GGUF`](https://huggingface.co/ggml-org/DeepSeek-OCR-GGUF) `mmproj-DeepSeek-OCR-Q8_0.gguf` with a single 4-byte attacker patch:
- KV `clip.vision.window_size` value: `14 → 65536`
## Trigger
Loading this mmproj into `llama-mtmd-cli` triggers a UBSAN-detected signed integer overflow at `deepseekocr.cpp:84` during warmup graph build (`q_size * k_size = 65536 * 65536` wraps int32 to 0), leading to `ggml_abort`.
```
deepseekocr.cpp:84:27: runtime error: signed integer overflow: 65536 * 65536 cannot be represented in type 'int'
SUMMARY: UBSAN: undefined-behavior
[Aborted]
```
See full huntr submission for details.
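
## Pre-load check (added example)

A pre-load check for the patched key, as an added example that is not part of the original submission or of llama.cpp: it parses the GGUF metadata and rejects a `clip.vision.window_size` whose square cannot be represented in int32. The bound is an assumption drawn from the trigger description above, and `sample_header` builds a constructed header (one uint32 KV, no tensors) rather than reading the real mmproj.

```python
import struct
# GGUF scalar value types -> struct codes (little-endian); 8 = string, 9 = array
SCALARS = {0: "B", 1: "b", 2: "H", 3: "h", 4: "I", 5: "i",
           6: "f", 7: "?", 10: "Q", 11: "q", 12: "d"}
INT32_MAX = 2**31 - 1
KEY = "clip.vision.window_size"

class Reader:
    def __init__(self, data):
        self.data, self.pos = data, 0
    def take(self, fmt):
        size = struct.calcsize("<" + fmt)
        if size > len(self.data) - self.pos:
            raise ValueError("truncated GGUF metadata")
        (v,) = struct.unpack_from("<" + fmt, self.data, self.pos)
        self.pos += size
        return v
    def string(self):
        n = self.take("Q")  # length comes from the file: bound it before use
        if n > len(self.data) - self.pos:
            raise ValueError("truncated GGUF string")
        return self.take(f"{n}s").decode("utf-8", "replace")
    def value(self, vtype):
        if vtype in SCALARS:
            return self.take(SCALARS[vtype])
        if vtype == 8:
            return self.string()
        if vtype == 9:
            etype, count = self.take("I"), self.take("Q")
            return [self.value(etype) for _ in range(count)]
        raise ValueError(f"unknown GGUF value type {vtype}")

def read_kv(data):
    r = Reader(data)
    if r.take("4s") != b"GGUF":
        raise ValueError("not a GGUF file")
    r.take("I"); r.take("Q")  # version, tensor count (unused here)
    return dict((r.string(), r.value(r.take("I"))) for _ in range(r.take("Q")))

def check_window_size(data):
    """Return 'ok', 'absent', or 'reject' when window_size**2 exceeds int32."""
    w = read_kv(data).get(KEY)
    if w is None:
        return "absent"
    return "ok" if type(w) is int and 0 < w and w * w <= INT32_MAX else "reject"

def sample_header(window):  # constructed input: GGUF v3, one uint32 KV
    key = KEY.encode()
    return (b"GGUF" + struct.pack("<IQQ", 3, 0, 1)
            + struct.pack("<Q", len(key)) + key + struct.pack("<II", 4, window))
```

The original value 14 passes and the patched value 65536 is rejected; the largest accepted value under this bound is 46340.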