---
license: mit
tags:
- security
- llama.cpp
- gguf
- poc
---

# llama.cpp Gemma3 Integer Division-by-Zero PoC

Proof-of-concept for a division-by-zero vulnerability in llama.cpp's Gemma3 architecture loader.

**Vulnerable file:** `src/models/gemma3.cpp:32`

## Files

- `poc_gemma3_divzero.gguf` — 235-byte malicious GGUF (no tensors; triggers SIGFPE on x86_64)
- `reproducer.cpp` — standalone C++ reproducer (no llama.cpp build needed)

## Quick test

```bash
# Standalone (no llama.cpp needed)
g++ -o reproducer reproducer.cpp -fsanitize=undefined -fno-sanitize-recover=all
./reproducer
# Expected: runtime error: division by zero

# With llama.cpp
./llama-cli -m poc_gemma3_divzero.gguf -p 'hello'
# Expected on x86_64: Floating point exception (exit 136, i.e. 128 + SIGFPE)
```

The crash is architecture-dependent: x86_64 traps on integer division by zero, whereas AArch64 returns 0 from `sdiv`/`udiv` without trapping, so on ARM hosts the llama.cpp run may not crash at this point. The UBSan build of `reproducer.cpp` is the portable check, since it reports the undefined division regardless of CPU.

## Root cause

When `block_count=62` (→ `LLM_TYPE_27B`) and `attention.head_count` is absent from the GGUF, `n_head(0)` returns 0 and the expression `n_embd / n_head(0)` is an integer division by zero. The loader trusts a metadata field that a crafted file can simply omit, so no tensors are needed to reach the faulting expression.

Reported via the [Huntr](https://huntr.com) bug bounty program.