Skip to content

b9917

Choose a tag to compare

@github-actions github-actions released this 08 Jul 13:00
4a7ee31

fix: OOB reads in UGM tokenizer (precompiled_charsmap handling) (#18750)

  • fix: OOB reads in UGM tokenizer (precompiled_charsmap handling)
  • Validate minimum size (4 bytes) before reading xcda_blob_size
  • Use strnlen with bounds check instead of unsafe strlen

Both issues allow heap-buffer-overflow from malicious T5/UGM GGUF files.

  • Replace unsafe strnlen() with a bounds-checked loop that scans for \0 within the remaining array size.

  • move bounds checks to load

  • typo merge fix


Co-authored-by: hourhl hourhl8200@gmail.com
Co-authored-by: Sigbjørn Skjæret 1629204+CISC@users.noreply.github.com

macOS/iOS:

Linux:

Android:

Windows:

openEuler:

  • DISABLED
  • openEuler x86 (310p)
  • openEuler x86 (910b, ACL Graph)
  • openEuler aarch64 (310p)
  • openEuler aarch64 (910b, ACL Graph)

UI: