# llama.cpp MiniCPM-V bucket_coords stack-OOB PoC (standalone)
> ⚠️ Security research artifact — gated to ProtectAI/huntr triage. **Standalone-only** PoC for a stack-buffer-overflow in `llama.cpp tools/mtmd/clip.cpp`.
## Submission
huntr.com Model File Vulnerabilities (MFV) — submitted by `heehee0219`.
## Honest disclosure
The bug at `clip.cpp:3240-3253` (case `PROJECTOR_TYPE_MINICPMV`) writes past two fixed-size `int[1024]` stack arrays when the attacker-controlled value `clip.vision.image_size / patch_size` exceeds 1024. A standalone, byte-for-byte ASAN reproducer captures the stack-buffer-overflow WRITE. The production trigger via `llama-mtmd-cli` is currently blocked by a `ggml_reshape_2d` warmup ASSERT (the model's pretrained position-embedding tensor doesn't match the attacker's image_size).
This repo holds the standalone ASAN log only.
See the full huntr submission for the caveat.
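
The missing bound described above, shown as a defensive check. This is an added example, not llama.cpp's code and not the PoC from this repo: the function and type names are hypothetical, and the per-index fill value is a constructed stand-in for the real bucket formula.

```cpp
// Added example: hypothetical names, not llama.cpp code.
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Capacity of the fixed int[1024] stack arrays named in the README.
constexpr std::size_t kMaxBuckets = 1024;

enum class GridStatus { Ok, BadPatchSize, BadImageSize, TooManyPatches };

// Validate file-supplied sizes before they are used as a loop bound.
GridStatus checked_patches_per_side(std::int64_t image_size, std::int64_t patch_size,
                                    std::size_t *out) {
    if (patch_size <= 0) return GridStatus::BadPatchSize;   // also rules out division by zero
    if (image_size <= 0) return GridStatus::BadImageSize;
    const std::int64_t n = image_size / patch_size;
    if (n > static_cast<std::int64_t>(kMaxBuckets)) return GridStatus::TooManyPatches;
    *out = static_cast<std::size_t>(n);
    return GridStatus::Ok;
}

// Fill both coordinate arrays only after the count is proven to fit.
GridStatus fill_bucket_coords(std::int64_t image_size, std::int64_t patch_size,
                              int (&h)[kMaxBuckets], int (&w)[kMaxBuckets],
                              std::size_t *used) {
    std::size_t n = 0;
    const GridStatus st = checked_patches_per_side(image_size, patch_size, &n);
    if (st != GridStatus::Ok) return st;                     // reject the model file
    for (std::size_t i = 0; i < n; ++i) {
        h[i] = static_cast<int>(i);   // constructed stand-in value
        w[i] = static_cast<int>(i);   // constructed stand-in value
    }
    *used = n;
    return GridStatus::Ok;
}

int main() {
    int h[kMaxBuckets], w[kMaxBuckets];
    std::size_t used = 0;
    // Constructed metadata pairs: in range, exactly at capacity, one past capacity.
    const std::int64_t cases[][2] = {{448, 14}, {14336, 14}, {14350, 14}};
    for (const auto &c : cases) {
        const GridStatus st = fill_bucket_coords(c[0], c[1], h, w, &used);
        std::printf("image_size=%lld patch_size=%lld -> %s\n", (long long)c[0],
                    (long long)c[1], st == GridStatus::Ok ? "accepted" : "rejected");
    }
    return 0;
}
```
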