Skip to content

use weights_only in conversion script to prevent model arbitrary code execution #32

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 12, 2023
Merged

use weights_only in conversion script to prevent model arbitrary code execution #32

merged 1 commit into from
Mar 12, 2023

Conversation

@deepdiffuser
Copy link
Contributor

@deepdiffuser deepdiffuser commented Mar 12, 2023

this restricts malicious weights from executing arbitrary code by restricting the unpickler to only loading tensors, primitive types, and dictionaries.

see torch.load docs

https://pytorch.org/docs/stable/generated/torch.load.html

i tested this and it seems to work the same as before

@deepdiffuser
use weights_only in conversion script
1ed5c7c 
this restricts malicious weights from executing arbitrary code by restricting the unpickler to only loading tensors, primitive types, and dictionaries
@ggerganov ggerganov merged commit a931202 into ggml-org:master Mar 12, 2023
@wizzard0
Copy link
Contributor

wizzard0 commented Mar 12, 2023

@deepdiffuser I do support this change, but now I get

TypeError: 'weights_only' is an invalid keyword argument for Unpickler()

Any ideas?

@deepdiffuser
Copy link
Contributor Author

deepdiffuser commented Mar 12, 2023

what version of pytorch? I believe you need 1.13.1 for this arg

@wizzard0
Copy link
Contributor

wizzard0 commented Mar 12, 2023

Ah, I see. conda gets you 1.12.1. Let's keep this thread for posterity.

@wizzard0 wizzard0 mentioned this pull request Mar 12, 2023
Merged
flowgrad pushed a commit to flowgrad/llama.cpp that referenced this pull request Jun 27, 2023
@cmp-nct
Merge pull request ggml-org#32 from cmp-nct/cuda-performance-broadcast
4ca3961 
Cuda performance broadcast
@Bearsaerker Bearsaerker mentioned this pull request Mar 12, 2025
Closed
@uttampc1 uttampc1 mentioned this pull request Nov 18, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@deepdiffuser @wizzard0 @ggerganov