Add README
2ce58b4 verified
---
license: mit
tags:
  - security
  - llama.cpp
  - gguf
  - poc
---

llama.cpp Gemma3 Integer Division-by-Zero PoC

Proof-of-concept for a division-by-zero vulnerability in llama.cpp's Gemma3 architecture loader.

Vulnerable file: src/models/gemma3.cpp:32

Files

  • poc_gemma3_divzero.gguf — 235-byte malicious GGUF (no tensors, triggers SIGFPE on x86_64)
  • reproducer.cpp — standalone C++ reproducer (no llama.cpp build needed)

Quick test

```bash
# Standalone (no llama.cpp needed)
g++ -o reproducer reproducer.cpp -fsanitize=undefined -fno-sanitize-recover=all
./reproducer
# Expected: runtime error: division by zero

# With llama.cpp
./llama-cli -m poc_gemma3_divzero.gguf -p 'hello'
# Expected on x86_64: Floating point exception (exit 136)
```

Root cause

When block_count=62 (→ LLM_TYPE_27B) and attention.head_count is absent from the GGUF, n_head(0) returns 0, so the expression n_embd / n_head(0) is an integer division by zero.
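The pattern behind the root cause, as an added illustration that is not code from this repo or from llama.cpp: a simplified hyperparameter table (the `hparams` struct, `n_head()`, `head_dim_*` and the sample values are all hypothetical stand-ins) where the unchecked expression divides by a file-controlled count, beside a hardened variant that validates the divisor and fails the load instead of crashing the process.

```cpp
#include <cstdint>
#include <stdexcept>
#include <vector>

// Hypothetical stand-in for the loader's hyperparameter table (not llama.cpp's
// real llama_hparams). Per-layer head counts read as 0 when the GGUF carries
// no attention.head_count key, which is the condition the PoC file creates.
struct hparams {
    uint32_t n_embd  = 0;
    uint32_t n_layer = 0;
    std::vector<uint32_t> n_head_arr;   // empty when the key is absent

    uint32_t n_head(uint32_t il) const {
        return il < n_head_arr.size() ? n_head_arr[il] : 0;
    }
};

// Vulnerable pattern: trusts the file-supplied head count. With the key
// absent this is n_embd / 0, undefined behaviour that raises SIGFPE on x86_64.
// Shown for contrast only; never call it on untrusted input.
uint32_t head_dim_unchecked(const hparams & hp) {
    return hp.n_embd / hp.n_head(0);
}

// Hardened pattern: every divisor derived from file-controlled metadata is
// validated before use, and a bad header is rejected with an error.
uint32_t head_dim_checked(const hparams & hp) {
    const uint32_t nh = hp.n_head(0);
    if (nh == 0 || hp.n_embd % nh != 0) {
        throw std::runtime_error("invalid or missing attention.head_count");
    }
    return hp.n_embd / nh;
}

// True when the hardened loader rejects the header (desired for the PoC).
bool loader_rejects(const hparams & hp) {
    try { head_dim_checked(hp); return false; }
    catch (const std::runtime_error &) { return true; }
}

// Constructed sample headers (values are illustrative, not Gemma3's real ones):
// one shaped like the PoC (62 blocks, no head_count), one well-formed.
inline hparams poc_like_hparams()   { return hparams{4096, 62, {}}; }
inline hparams wellformed_hparams() { return hparams{4096, 62, std::vector<uint32_t>(62, 32)}; }
```

Compiling with `-fsanitize=undefined` and calling `head_dim_unchecked(poc_like_hparams())` reproduces the same "division by zero" report the Quick test section expects; the checked variant turns it into a load failure.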

Reported via Huntr bug bounty program.