| # llama.cpp MiniCPM-V bucket_coords stack-OOB PoC (standalone) |
| |
| > ⚠️ Security research artifact — gated to ProtectAI/huntr triage. **Standalone-only** PoC for stack-buffer-overflow in `llama.cpp tools/mtmd/clip.cpp`. |
| |
| ## Submission |
| |
| huntr.com Model File Vulnerabilities (MFV) — submitted by `heehee0219`. |
| |
| ## Honest disclosure |
| |
| The bug at `clip.cpp:3240-3253` (case `PROJECTOR_TYPE_MINICPMV`) writes past two FIXED `int[1024]` stack arrays when attacker `clip.vision.image_size / patch_size > 1024`. Standalone byte-for-byte ASAN reproducer captures stack-buffer-overflow WRITE. Production trigger via `llama-mtmd-cli` is currently blocked by a `ggml_reshape_2d` warmup ASSERT (the model's pretrained position-embedding tensor doesn't match the attacker's image_size). |
|
|
| This repo holds the standalone ASAN log only. |
|
|
| See full huntr submission for caveat. |
|
|