-
Notifications
You must be signed in to change notification settings - Fork 960
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
gguf : add input validation, prevent integer overflows #709
Conversation
4b10eda
to
866cc68
Compare
Not directly related to this, but shouldn't these cases be Lines 19360 to 19363 in 866cc68
|
I think this may also cause a buffer overflow if Lines 19391 to 19394 in 866cc68
|
This Line 19395 in 866cc68
|
src/ggml.c
Outdated
ok = ok && gguf_fread_el (file, &info->type, sizeof(info->type), &offset); | ||
ok = ok && gguf_fread_el (file, &info->offset, sizeof(info->offset), &offset); | ||
|
||
ok = ok && (info->type < GGML_TYPE_COUNT); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is no guarantee that the underlying type of the enum is unsigned, so I think it would be good to also check for type >= 0
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixes look pretty good, I would also suggest checking the return of calloc/malloc for error, currently it will return a null pointer and crash.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I just noticed you're using GGUF_TYPE_SIZE indexing using an arbitrary value read from the file. This could be used to index to a large value elsewhere and cause a wrap again, a check needs to be added when reading in the type value.
Lines 19439 to 19453 in fb345bd
There are a few potential integer overflows here when computing the size, and this size may be later used to allocate a buffer, which then may result in a buffer overflow when reading the data. |
Line 19400 in fb345bd
We should probably check that the offset and the end of the tensor is within the size of the file. |
Line 19399 in fb345bd
We should check that the type is valid. |
Lines 19466 to 19469 in fb345bd
It seem unlikely to happen in practice, even with no_alloc a large enough n_tensors could cause an integer overflow. It would probably be good to wrap all the integer operations in functions that check for overflows.
|
Line 19288 in fb345bd
This is another potential integer overflow that may cause a the buffer to be too small. |
290a222
to
78fd95e
Compare
Think I covered all of the listed concerns. Will merge this and if you spot something else, directly open a PR. Thanks |
Input validation when reading GGUF files
Without these checks it is possible for crafted GGUF files to cause integer overflows, followed by heap overflows.
Thanks to Databricks team for responsibly reporting these