# TensorRT VULN-004: Input-Controlled DoS via While-Loop Models

## Vulnerability

A structurally valid ONNX model (351 bytes) using a condition-dependent Loop operator hangs indefinitely during TensorRT inference when given a malicious input value. The model works correctly with normal inputs but hangs permanently with extreme inputs.

## Distinct from VULN-003

- VULN-003: Malicious MODEL with static INT64_MAX trip count
- VULN-004: Normal MODEL + malicious INPUT data
- VULN-003 fix (validate max_trip_count) does NOT prevent this
- Requires runtime protection: inference timeout / iteration budget

## Impact

- Input-controlled DoS for any TRT model using while-loops
- Attacker only needs to send a single malicious float value
- Affects Triton, TensorRT-LLM, any TRT-based pipeline
- Model is structurally valid -- cannot be detected by static analysis

## Files

| File | Description |
|------|-------------|
| vuln004_input_dos.py | Main PoC script |
| while_loop.onnx | While-loop ONNX model (351 bytes) |
| while_loop.engine | Compiled TRT engine (11,124 bytes) |

## Reproduction

```bash
pip install tensorrt onnx torch numpy
python vuln004_input_dos.py
```

## Results

- counter=10: completes in 0.001s
- counter=1000: completes in 0.055s
- counter=1e6: HANGS indefinitely
- counter=1e30: HANGS indefinitely
- counter=FLT_MAX: HANGS indefinitely
- No timeout, no warning, no error
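
The runtime protection this report calls for (inference timeout / iteration budget), shown as an added example that is not part of the original PoC or of TensorRT. `guarded_infer`, `stand_in_engine`, `DEADLINE_S` and `MAX_COUNTER` are assumed names and values, and the stand-in loop is constructed in place of the TensorRT engine so the code runs without a GPU.

```python
import math
import multiprocessing as mp

DEADLINE_S = 0.5        # assumed per-request inference deadline
MAX_COUNTER = 10_000.0  # assumed iteration budget for the loop-driving input


def stand_in_engine(counter):
    """Constructed stand-in for the while-loop engine: runs until counter <= 0."""
    steps = 0
    while counter > 0:
        counter -= 1.0
        steps += 1
    return steps


def _worker(conn, infer, value):
    # Runs in the child process; the result travels back over the pipe.
    conn.send(infer(value))
    conn.close()


def guarded_infer(infer, value, deadline_s=DEADLINE_S, max_counter=MAX_COUNTER):
    """Return (status, result); status is 'ok', 'rejected', 'timeout' or 'error'."""
    # Layer 1: iteration budget, enforced on the input before the engine sees it.
    if not math.isfinite(value) or value > max_counter:
        return ("rejected", None)
    # Layer 2: run inference in a child process that the parent can kill.
    ctx = mp.get_context("fork")  # POSIX only
    parent_conn, child_conn = ctx.Pipe(duplex=False)
    proc = ctx.Process(target=_worker, args=(child_conn, infer, value), daemon=True)
    proc.start()
    child_conn.close()
    try:
        if not parent_conn.poll(deadline_s):
            return ("timeout", None)  # no result before the deadline
        return ("ok", parent_conn.recv())
    except EOFError:
        return ("error", None)  # worker died without sending a result
    finally:
        if proc.is_alive():
            proc.kill()  # the hung loop cannot be cancelled from inside
        proc.join()
        parent_conn.close()
```

In a deployment the worker process would own the engine and execution context, so killing it on deadline ends the hung inference instead of leaving a stuck thread in the serving process.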