ryansecuritytest-fanpierlabs
/

llama-cpp-gguf-div-by-zero-poc

+---
+license: mit
+tags:
+  - security-research
+  - proof-of-concept
+  - vulnerability
+---
+# PoC: llama.cpp GGUF Division by Zero via Zero-Dimension Tensor
+**This repository contains a proof-of-concept for a security vulnerability. It is intended for responsible disclosure via huntr.com.**
+## Vulnerability
+The GGUF parser in llama.cpp (`ggml/src/gguf.cpp`) allows tensors with zero-valued dimensions to pass validation (line 623 checks `< 0` instead of `<= 0`), which triggers a division by zero at lines 632-634 when checking for integer overflow.
+**Vulnerable code:**
+```cpp
+// Line 623: allows ne[j] == 0
+if (info.t.ne[j] < 0) {  // should be <= 0
+// Lines 632-634: divides by ne[1], ne[2], ne[3]
+if (ok && ((INT64_MAX/info.t.ne[1] <= info.t.ne[0]) || ...))
+```
+## Files
+- `malicious_div_zero.gguf` — Crafted 128-byte GGUF file with tensor dimensions [1, 0]
+- `poc_llama_cpp_div_by_zero.py` — Script that generates the PoC file and explains the vulnerability
+## Reproduction
+```bash
+# Build llama.cpp
+git clone https://github.com/ggerganov/llama.cpp && cd llama.cpp
+cmake -B build && cmake --build build -j
+# Trigger crash (x86_64: SIGFPE)
+./build/bin/llama-cli -m malicious_div_zero.gguf
+```
+## Impact
+Denial of service (process crash via SIGFPE on x86_64) for any application loading crafted GGUF files.
+## Researcher
+Ryan — Fan Pier Labs (ryan@fanpierlabs.com)