
llama.cpp MiniCPM-V bucket_coords stack-OOB PoC (standalone)

⚠️ Security research artifact — gated to ProtectAI/huntr triage. Standalone-only PoC for stack-buffer-overflow in llama.cpp tools/mtmd/clip.cpp.

Submission

huntr.com Model File Vulnerabilities (MFV) — submitted by heehee0219.

Honest disclosure

The bug at clip.cpp:3240-3253 (case PROJECTOR_TYPE_MINICPMV) writes past two fixed-size int[1024] stack arrays when the attacker-controlled clip.vision.image_size / patch_size exceeds 1024. A standalone, byte-for-byte ASAN reproducer captures the stack-buffer-overflow WRITE. The production trigger via llama-mtmd-cli is currently blocked by a ggml_reshape_2d warmup ASSERT (the model's pretrained position-embedding tensor doesn't match the attacker's image_size).
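The missing check described above, sketched as loader-side validation. This is an added example, not code from llama.cpp or from the huntr submission: `checked_grid_side`, `build_positions`, the `num_buckets` parameter and the sample metadata values are assumptions, and only the 1024 capacity comes from this README.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Capacity of the fixed stack arrays named on the page (int[1024]).
constexpr int kBucketCap = 1024;

// Hypothetical helper: patches per side from model metadata, or -1 if the
// values must be rejected before anything is indexed with them.
int checked_grid_side(int64_t image_size, int64_t patch_size) {
    if (image_size <= 0 || patch_size <= 0) return -1;
    int64_t side = image_size / patch_size;
    if (side < 1 || side > kBucketCap) return -1;
    return static_cast<int>(side);
}

// Hypothetical helper: builds the position index table for a square grid.
// Storage is sized from the validated side instead of a fixed stack array.
// num_buckets is a caller-supplied assumption, limited so products fit in int.
bool build_positions(int64_t image_size, int64_t patch_size, int num_buckets,
                     std::vector<int> &positions) {
    int side = checked_grid_side(image_size, patch_size);
    if (side < 0 || num_buckets < 1 || num_buckets > kBucketCap) return false;
    std::vector<int> coords(static_cast<size_t>(side));
    for (int i = 0; i < side; i++) {
        coords[i] = static_cast<int>(static_cast<int64_t>(num_buckets) * i / side);
    }
    positions.clear();
    positions.reserve(static_cast<size_t>(side) * side);
    for (int i = 0; i < side; i++) {
        for (int j = 0; j < side; j++) {
            positions.push_back(coords[i] * num_buckets + coords[j]);
        }
    }
    return true;
}

int main() {
    std::vector<int> positions;
    // Constructed sample metadata: one ordinary grid, one oversized grid.
    bool ok = build_positions(448, 14, 70, positions);
    std::printf("448/14 -> %s, %zu positions\n", ok ? "accepted" : "rejected",
                positions.size());
    ok = build_positions(14 * 1025, 14, 70, positions);
    std::printf("14350/14 -> %s\n", ok ? "accepted" : "rejected");
    return 0;
}
```

Rejecting the metadata at load time keeps the bound in one place; sizing the buffer from the validated value removes the fixed-capacity assumption from the indexing loops.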

This repo holds the standalone ASAN log only.

See the full huntr submission for the caveat.