TensorRT DetectionLayer NaN score_threshold bypass proof of concept

This repository contains a bounded research PoC for TensorRT (.engine / .trt / .mytrtfile).

The security question is whether a serialized DetectionLayer_TRT payload can bypass the creator-side score_threshold >= 0 check by carrying NaN, while the final built engine still loads and executes normally and silently suppresses detections.

Files

  • control.engine
  • nan-score.engine
  • verify_remote_poc.py

What the files demonstrate

Control:

positive_cls -> [0.5]
mixed_bbox   -> [0.11951626092195511]

Malicious serialized score_threshold = NaN:

positive_cls -> [0.0]
mixed_bbox   -> [0.0]
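
An added example, not code from this repository or from TensorRT: a deserialization-time check that rejects a NaN threshold, beside a weaker form that accepts it, plus a simplified score filter showing why a NaN threshold keeps no detections. The one-float blob layout, the `score >= threshold` filter and all function names are assumptions made for illustration.

```cpp
#include <cmath>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <limits>
#include <vector>

// Hypothetical helper: bounds-checked read of one float field from a
// serialized plugin blob. The real DetectionLayer_TRT layout is not shown here.
bool read_f32(const std::uint8_t* buf, std::size_t len, std::size_t off, float* out) {
    if (off > len || len - off < sizeof(float)) return false;
    std::memcpy(out, buf + off, sizeof(float));
    return true;
}

// Hardened check for the deserialization path: finite and >= 0.
bool score_threshold_ok(float t) { return std::isfinite(t) && t >= 0.0f; }

// Weak form: rejects only values that compare below zero, so NaN is accepted
// (every ordered comparison with NaN is false).
bool score_threshold_ok_weak(float t) { return !(t < 0.0f); }

// Simplified stand-in for score filtering (assumption): keep scores >= threshold.
std::size_t count_kept(const std::vector<float>& scores, float t) {
    std::size_t n = 0;
    for (float s : scores)
        if (s >= t) ++n;
    return n;
}

// Constructed sample blob holding a single float at offset 0.
std::vector<std::uint8_t> make_blob(float t) {
    std::vector<std::uint8_t> b(sizeof t);
    std::memcpy(b.data(), &t, sizeof t);
    return b;
}

int main() {
    const std::vector<float> scores{0.5f, 0.9f, 0.1f};  // constructed scores
    const float candidates[] = {0.3f, -1.0f, std::numeric_limits<float>::quiet_NaN()};
    for (float c : candidates) {
        const std::vector<std::uint8_t> blob = make_blob(c);
        float t = 0.0f;
        if (!read_f32(blob.data(), blob.size(), 0, &t)) return 1;
        std::printf("threshold=%g weak=%d hardened=%d kept=%zu\n", t,
                    score_threshold_ok_weak(t), score_threshold_ok(t), count_kept(scores, t));
    }
    return 0;
}
```
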

Verify the public HF artifacts

After unauthenticated download, run:

python verify_remote_poc.py

Expected result:

  • both engines deserialize successfully
  • both engines execute successfully
  • the nan-score.engine output differs from the control on normal presets
  • semantic_suppression_observed is true