llama.cpp GGUF tokenizer array type mismatch PoC
This repository contains a benign security research PoC for a llama.cpp GGUF
metadata parsing issue in src/llama-vocab.cpp.
The malformed GGUF files declare tokenizer metadata arrays with one-byte
INT8 elements while the vocabulary loader later consumes the same backing
storage as four-byte float or int arrays.
Files
poc_scores_int8.gguf:tokenizer.ggml.scores = INT8[8]poc_token_type_int8.gguf:tokenizer.ggml.token_type = INT8[8]control_valid_vocab.gguf: valid negative controlasan_scores_int8.txt: ASan crash log for the scores caseasan_token_type_int8.txt: ASan crash log for the token_type caserelease_*.txt: release-build behavior logsgen_vocab_type_poc.py: artifact generatorHUNTR_REPORT.md: concise report textHUNTR_FORM.txt: short form-ready submission text
Tested Upstream
Current upstream checked at:
fd5869fb62f3eb2ba6e7ba93d557a2a0b2fa951f
The affected code still performs count checks before raw casts, but does not validate the declared GGUF array element type for these two metadata arrays.
- Downloads last month
- -
Hardware compatibility
Log In to add your hardware
We're not able to determine the quantization variants.
Inference Providers NEW
This model isn't deployed by any Inference Provider. ๐ Ask for provider support