YAML Metadata Warning:empty or missing yaml metadata in repo card
Check out the documentation for more information.
PoC: MegEngine β load_tensor_layout Stack OOB WRITE β RIP Redirect
Vulnerability
In serializer_oss.cpp, load_tensor_layout() copies shape dimensions from a
flatbuffer model into a stack-allocated TensorLayout with fixed shape[MAX_NDIM=7].
The number of dimensions n comes from the file with NO check against MAX_NDIM.
Stack Layout (overflow path)
shape[0..6] β valid (56 bytes)
shape[7] β overwrites ndim (controlled)
shape[8..14] β overwrites stride[] (controlled)
shape[15] β overwrites dtype (DTypeTrait* pointer β controlled!)
shape[16] β overwrites format (ImplBase* pointer β controlled!)
shape[17+] β overwrites stack canary, saved RBP, return address
Proof
callback = 0xe920030 β OVERFLOW-WRITTEN
canary1 = 0xe920030 β OVERFLOW-WRITTEN
[EXPLOITED] Victim corrupted by MegEngine overflow!
Calling victim->callback() with OVERFLOW-WRITTEN pointer...
[ACE CONFIRMED] RIP redirected into attacker-controlled data!
Note: Real exploitation must bypass stack canary. Corrupted dtype/format pointers are dereferenced before function return, providing a potential canary-bypass path.
Reproduction
clang++ -g -O0 -std=c++17 -o poc poc_megengine_ace.cpp && ./poc
Suggested Fix
// serializer_oss.cpp, before line 619:
if (n > MAX_NDIM) throw MegBrainError("shape ndim exceeds MAX_NDIM");
Inference Providers NEW
This model isn't deployed by any Inference Provider. π Ask for provider support