fix: validate input size in parseSafetensors to prevent integer overflow

2026-04-23 08:45:14 +00:00 · 2025-03-23 15:35:43 +07:00 · 2025-03-23 15:35:43 +07:00 · e565970a20
parent 4b34930a31
commit e565970a20
1 changed files with 5 additions and 0 deletions
--- a/convert/reader_safetensors.go
+++ b/convert/reader_safetensors.go
@ -36,6 +36,11 @@ func parseSafetensors(fsys fs.FS, replacer *strings.Replacer, ps ...string) ([]T
 			return nil, err
 		}

+		// Validate the value of n
+		if n <= 0 || n > 1<<30 { // Example: Limit n to 1GB for safety
+			return nil, fmt.Errorf("invalid or excessive size for safetensors file: %d", n)
+		}
+
 		b := bytes.NewBuffer(make([]byte, 0, n))
 		if _, err = io.CopyN(b, f, n); err != nil {
 			return nil, err