Add TensorRT deserialization OOB read PoC
bae7647
License: MIT

TensorRT Deserialize OOB PoC by yee3642

This repository contains a non-weaponized proof-of-concept model file for a TensorRT plugin deserialization out-of-bounds read / denial-of-service issue.

Contents

  • security-poc/yee3642_poc_truncated.mytrtfile - malformed 1-byte PoC model file
  • security-poc/deserialize_value_oob_poc.cpp - local reproducer harness
  • security-poc/make_poc_blob.py - generator for the malformed file
  • security-poc/README.md - detailed reproduction notes

Reproduction overview

  1. Clone the audited TensorRT source tree.
  2. Copy the security-poc/ directory from this repository into the TensorRT repository root.
  3. Build the harness with -DNDEBUG (so that any assert()-based checks are compiled out, as in a release build) and with AddressSanitizer enabled.
  4. Run the harness against security-poc/yee3642_poc_truncated.mytrtfile.

Expected result: AddressSanitizer reports heap-buffer-overflow in plugin/common/serialize.hpp:58.
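To make concrete what the harness exercises, here is an added C++ example that is not code from this repository or from TensorRT. It mirrors the plain-old-data deserialization pattern (bounds check, memcpy, advance the cursor) in two forms: one guarded only by assert(), which -DNDEBUG removes, and one with an unconditional check that rejects a blob too short for the value being read. The Cursor and PluginHeader types, the three-field header layout, and the single zero byte standing in for the truncated PoC file are all assumptions made for illustration.

```cpp
// Added example, not the repository's harness or TensorRT's serialize.hpp:
// a schematic of the deserialization pattern the PoC targets, beside a
// hardened variant. Type names and blob layout are assumptions.
#include <cassert>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Read cursor over a serialized plugin blob.
struct Cursor {
    const uint8_t* data;
    size_t remaining;
};

// Debug-only bounds check: assert() compiles to nothing under -DNDEBUG, so in
// a release-style build a blob shorter than sizeof(T) is read past its end.
template <typename T>
void deserialize_assert_only(Cursor& c, T* out) {
    assert(c.remaining >= sizeof(T));
    std::memcpy(out, c.data, sizeof(T));
    c.data += sizeof(T);
    c.remaining -= sizeof(T);
}

// Hardened variant: the check is unconditional and the caller must handle
// failure. No byte is read when the blob is too short.
template <typename T>
bool deserialize_checked(Cursor& c, T* out) {
    if (c.remaining < sizeof(T)) return false;
    std::memcpy(out, c.data, sizeof(T));
    c.data += sizeof(T);
    c.remaining -= sizeof(T);
    return true;
}

// Hypothetical plugin header (assumed layout): two 32-bit fields and a
// 64-bit count, 16 bytes with no padding.
struct PluginHeader {
    uint32_t version;
    uint32_t layout;
    uint64_t num_weights;
};

// Returns true only if the whole header fits inside the blob.
bool parse_header(const uint8_t* blob, size_t len, PluginHeader* hdr) {
    Cursor c{blob, len};
    return deserialize_checked(c, &hdr->version) &&
           deserialize_checked(c, &hdr->layout) &&
           deserialize_checked(c, &hdr->num_weights);
}

// Constructed sample input: a well-formed 16-byte header blob.
std::vector<uint8_t> make_valid_blob() {
    PluginHeader h{1, 2, 3};
    std::vector<uint8_t> v(sizeof(PluginHeader));
    std::memcpy(v.data(), &h, sizeof h);
    return v;
}

int main() {
    PluginHeader h{};
    // Stand-in for the 1-byte PoC file; the real file's byte is not shown here.
    uint8_t truncated[1] = {0x00};
    if (!parse_header(truncated, sizeof truncated, &h))
        std::puts("rejected: blob too short for header");

    std::vector<uint8_t> ok = make_valid_blob();
    if (parse_header(ok.data(), ok.size(), &h))
        std::printf("parsed: version=%u layout=%u num_weights=%llu\n",
                    h.version, h.layout,
                    static_cast<unsigned long long>(h.num_weights));
    return 0;
}
```

Build with g++ -std=c++17 -g -fsanitize=address and run: the checked parser rejects the 1-byte input without touching memory past it. The assert-only variant is the shape of check that disappears under -DNDEBUG; the example deliberately does not call it on the truncated input, because that call is the out-of-bounds read the ASan harness in security-poc/ exists to demonstrate.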