TensorRT DetectionLayer anchors_cnt suppression proof of concept
This repository contains a bounded research PoC for TensorRT (.engine / .trt / .mytrtfile).
The security question is whether a serialized DetectionLayer_TRT payload can carry an attacker-controlled anchors_cnt value that is inconsistent with the actual anchor input tensor, while the final engine still deserializes and executes normally and silently suppresses detections.
Files
- control.engine
- anchors-cnt-4096.engine
- verify_remote_poc.py
- requirements.txt
What the files demonstrate
Control:
positive_cls -> [0.5]
mixed_bbox -> [0.11951626092195511]
Malicious serialized anchors_cnt = 4096:
positive_cls -> [0.0]
mixed_bbox -> [0.0]
The same suppression was also observed for anchors_cnt = 128.
Verify the public HF artifacts
After unauthenticated download, run:
python verify_remote_poc.py
Expected result:
- all engines deserialize successfully
- all engines execute successfully
- control output is non-zero on detection presets
- the anchors-cnt-4096.engine output suppresses those detections to zero (semantic_suppression_observed is true)
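The expected-result checks above, as an added offline example that is not the repository's verify_remote_poc.py: it takes outputs already captured from the control and suspect engines and decides whether semantic suppression was observed. The analyse/Report helpers, the preset names and the zero tolerance are assumptions; the sample numbers are constructed from the values listed above.

```python
"""Offline check for the semantic-suppression condition described above.
Hypothetical helper (not the repository's verify_remote_poc.py): it takes
per-preset outputs already captured from a trusted control engine and a
suspect engine and reports whether the suspect silently zeroes detections
the control produces. Sample numbers are constructed from the README."""
from dataclasses import dataclass, field

ZERO_TOL = 1e-9  # treat |x| below this as "no detection"


@dataclass
class Report:
    engines_ok: bool  # every engine deserialized and executed
    control_presets_with_detections: list = field(default_factory=list)
    suppressed_presets: list = field(default_factory=list)

    @property
    def semantic_suppression_observed(self) -> bool:
        # Only meaningful when the control actually detects something;
        # a suspect that matches a silent control proves nothing.
        return bool(self.control_presets_with_detections) and \
            self.suppressed_presets == self.control_presets_with_detections


def has_detection(values) -> bool:
    return any(abs(v) > ZERO_TOL for v in values)


def analyse(control: dict, suspect: dict, engine_status: dict) -> Report:
    """control/suspect: preset name -> list of output floats.
    engine_status: engine file -> (deserialized, executed) booleans."""
    report = Report(engines_ok=all(d and e for d, e in engine_status.values()))
    for preset, ctrl_out in control.items():
        if not has_detection(ctrl_out):
            continue  # control silent here: preset cannot show suppression
        report.control_presets_with_detections.append(preset)
        if preset in suspect and not has_detection(suspect[preset]):
            report.suppressed_presets.append(preset)
    return report


# Constructed sample matching the values listed in the README.
CONTROL = {"positive_cls": [0.5], "mixed_bbox": [0.11951626092195511]}
SUSPECT = {"positive_cls": [0.0], "mixed_bbox": [0.0]}
STATUS = {"control.engine": (True, True), "anchors-cnt-4096.engine": (True, True)}

if __name__ == "__main__":
    r = analyse(CONTROL, SUSPECT, STATUS)
    print("engines_ok:", r.engines_ok)
    print("semantic_suppression_observed:", r.semantic_suppression_observed)
```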