tags:
- safetensors
- security-research

# SafeTensors C++ Integer Overflow PoC

**Security Research - Responsible Disclosure via huntr**

## Vulnerability

In safetensors-cpp, `get_shape_size()` multiplies the shape dimensions together without checking for overflow.
The Rust reference implementation uses `checked_mul` and rejects overflow.
For the shape `[4194305, 4194305, 211106198978564]`, the product wraps around uint64 to 4.
The parser allocates 16 bytes, while the consumer iterates over 4194305+ elements, which results in a heap overflow.

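An added example (not code from safetensors-cpp or from this page's PoC files) showing the unchecked product wrapping to 4 for the shape above, next to a checked variant that rejects it. The function names and the 4-byte element size are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>
#include <vector>

// Shape quoted on this page; 4194305 is 2^22 + 1.
static const std::vector<uint64_t> kPageShape = {
    4194305ULL, 4194305ULL, 211106198978564ULL};

// Unchecked product (hypothetical stand-in for the pattern described above,
// not copied from safetensors-cpp): unsigned overflow wraps modulo 2^64.
uint64_t shape_size_unchecked(const std::vector<uint64_t>& shape) {
    uint64_t total = 1;
    for (uint64_t dim : shape) total *= dim;
    return total;
}

// Checked product, same contract as Rust's checked_mul: returns false as
// soon as the running product would exceed UINT64_MAX.
bool shape_size_checked(const std::vector<uint64_t>& shape, uint64_t* out) {
    const uint64_t kMax = std::numeric_limits<uint64_t>::max();
    uint64_t total = 1;
    for (uint64_t dim : shape) {
        if (dim != 0 && total > kMax / dim) return false;  // would overflow
        total *= dim;
    }
    *out = total;
    return true;
}

// Byte size = element count * element size, which is a second
// multiplication that needs the same guard before any allocation.
bool tensor_bytes_checked(const std::vector<uint64_t>& shape,
                          uint64_t elem_size, uint64_t* out) {
    const uint64_t kMax = std::numeric_limits<uint64_t>::max();
    uint64_t count = 0;
    if (!shape_size_checked(shape, &count)) return false;
    if (elem_size != 0 && count > kMax / elem_size) return false;
    *out = count * elem_size;
    return true;
}

int main() {
    uint64_t bytes = 0;  // element size 4 is assumed (16 bytes / 4 elements)
    std::printf("unchecked element count: %llu\n",
                (unsigned long long)shape_size_unchecked(kPageShape));
    std::printf("checked: %s\n",
                tensor_bytes_checked(kPageShape, 4, &bytes) ? "accepted" : "rejected");
    return 0;
}
```
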
## ASan Result

```
AddressSanitizer: heap-buffer-overflow WRITE of size 4
0x6020000001a0 is located 0 bytes after 16-byte region
```

## Reproduction

```bash
python3 craft_overflow.py
g++ -std=c++17 -DSAFETENSORS_CPP_IMPLEMENTATION -fsanitize=address -I safetensors-cpp -o crash crash_overflow.cc
./crash overflow_tensor.safetensors
```