PoC: Zero numel Storage Bypass in JIT Unpickler - Null Dereference
Vulnerability: unpickler.cpp:570 uses if (numel > 0) to guard storage data reads. A numel value of 0 in the pickle stream bypasses this check, creating a Storage with a NULL data pointer. rebuildTensor then restores the original shape {2,4}, producing a tensor that claims 8 float32 elements but is backed by 0 bytes at NULL. Any tensor operation crashes with SIGSEGV.
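The invariant that this bug violates is that a rebuilt tensor's shape must fit inside its storage. The sketch below is an added example, not PyTorch code and not part of this PoC; the function names, the contiguous strides {4,1} and the 4-byte item size are assumptions chosen to match the shape {2,4} float32 case described above.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <vector>

// Hypothetical helper (not PyTorch code): bytes a strided view needs from its
// storage. Returns false on negative input or arithmetic overflow.
bool required_bytes(const std::vector<int64_t>& sizes,
                    const std::vector<int64_t>& strides,
                    int64_t storage_offset, uint64_t itemsize, uint64_t* out) {
  if (sizes.size() != strides.size() || storage_offset < 0 || itemsize == 0)
    return false;
  bool empty = false;
  for (size_t i = 0; i < sizes.size(); ++i) {
    if (sizes[i] < 0 || strides[i] < 0) return false;
    if (sizes[i] == 0) empty = true;
  }
  if (empty) { *out = 0; return true; }  // an empty view reads nothing
  const uint64_t kMax = std::numeric_limits<uint64_t>::max();
  uint64_t last = static_cast<uint64_t>(storage_offset);  // highest index touched
  for (size_t i = 0; i < sizes.size(); ++i) {
    uint64_t span = static_cast<uint64_t>(sizes[i] - 1);
    uint64_t stride = static_cast<uint64_t>(strides[i]);
    if (stride != 0 && span > (kMax - last) / stride) return false;
    last += span * stride;
  }
  if (last >= kMax / itemsize) return false;  // (last + 1) * itemsize would overflow
  *out = (last + 1) * itemsize;
  return true;
}

// Hypothetical check to run after a tensor is rebuilt from untrusted input:
// a non-empty view needs a non-null data pointer and enough backing bytes.
bool storage_covers_tensor(const void* data, uint64_t storage_nbytes,
                           const std::vector<int64_t>& sizes,
                           const std::vector<int64_t>& strides,
                           int64_t storage_offset, uint64_t itemsize) {
  uint64_t need = 0;
  if (!required_bytes(sizes, strides, storage_offset, itemsize, &need)) return false;
  if (need == 0) return true;
  return data != nullptr && need <= storage_nbytes;
}

int main() {
  // The page's case: shape {2,4} float32 over a 0-byte storage at NULL.
  bool ok = storage_covers_tensor(nullptr, 0, {2, 4}, {4, 1}, 0, 4);
  std::printf("shape {2,4} over empty storage accepted: %s\n", ok ? "yes" : "no");
  return 0;
}
```

A loader that applies this kind of check rejects the zero-byte storage before any tensor operation dereferences the data pointer.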
Files
poc_zero_numel.py - Full PoC (null storage demo, SIGSEGV crash, comparison, code analysis)
Quick Start
pip install torch
python poc_zero_numel.py
Expected Output
- Part 1: Model loads with NULL data pointer (data_ptr=0x0, storage_nbytes=0, shape=[2,4])
- Part 2: SIGSEGV crash on tensor operations (sum, add, clone)
- Part 3: Comparison showing numel=0 bypasses all checks vs negative numel being caught
- Part 4: Vulnerable code analysis and suggested fix