treforbenbow: Upload README.md with huggingface_hub (7250c36, verified)

VULN-012: Heap OOB Read in TensorRT ONNX Parser (convertInt32Data)

CWE-125 (out-of-bounds read). convertInt32Data() reads volume(shape) elements from int32_data without a bounds check. An undersized int32_data field causes a heap OOB read -> ACCESS_VIOLATION.

Affected types: FLOAT16, BFLOAT16, INT8, BOOL. Tested on TensorRT 10.15.1.29.

Run: python reproduce.py (each model is ~77 bytes, crashes during parse).
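
A pre-parse check for the condition described above, as an added example (not code from this repository, TensorRT, or ONNX): it flags tensors of the affected types whose int32_data carries fewer elements than their dims declare. The function name, the sample tensors, and the rule that int32_data is ignored when raw_data or external data is present are assumptions; the field names and enum values are those of onnx.TensorProto.

```python
from math import prod
from types import SimpleNamespace

# onnx.TensorProto.DataType values for the types the README lists as affected.
AFFECTED = {3: "INT8", 9: "BOOL", 10: "FLOAT16", 16: "BFLOAT16"}
EXTERNAL = 1  # onnx.TensorProto.DataLocation.EXTERNAL


def undersized_int32_tensors(tensors):
    """Return (name, type, expected, actual) for each tensor whose int32_data
    holds fewer elements than its dims declare."""
    findings = []
    for t in tensors:
        if t.data_type not in AFFECTED:
            continue
        # Assumption: int32_data is only read when the payload is not carried
        # in raw_data or in an external file.
        if t.raw_data or getattr(t, "data_location", 0) == EXTERNAL:
            continue
        actual = len(t.int32_data)
        if any(d < 0 for d in t.dims):
            # Malformed shape: no meaningful volume, reject outright.
            findings.append((t.name, AFFECTED[t.data_type], None, actual))
            continue
        expected = prod(t.dims)  # empty dims is a scalar, volume 1
        if actual < expected:
            findings.append((t.name, AFFECTED[t.data_type], expected, actual))
    return findings


def sample_tensors():
    """Constructed stand-ins that use the TensorProto field names."""
    def T(name, data_type, dims, int32_data=(), raw_data=b""):
        return SimpleNamespace(name=name, data_type=data_type, dims=list(dims),
                               int32_data=list(int32_data), raw_data=raw_data)
    return [
        T("ok_fp16", 10, [2, 2], [0] * 4),
        T("short_fp16", 10, [1024], [0]),       # declares 1024, carries 1
        T("short_bool_scalar", 9, []),          # scalar with no data
        T("raw_int8", 3, [8], raw_data=bytes(8)),
    ]


if __name__ == "__main__":
    for finding in undersized_int32_tensors(sample_tensors()):
        print("reject:", finding)
```

With the onnx package installed, the same function accepts `onnx.load(path).graph.initializer`; tensors held in Constant node attributes need to be collected and passed in the same way.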