| शीर्षक | ggml-org whisper.cpp ≤ 1.8.2 (confirmed on HEAD as of 2026-05-12) NULL Pointer Dereference |
|---|
| विवरण | A crafted whisper model file with n_audio_state=0 and n_audio_layer>0 causes an unconditional process abort in whisper_model_load(). The loader reads hyperparameters from the model file without validating they are positive before using them as tensor dimensions. With n_audio_state=0, zero-dimension tensors are created with null data pointers. This triggers: (1) GGML_ASSERT(!ggml_is_transposed(a)) at ggml/src/ggml.c:3221 inside weight_buft_supported() — aborts the process unconditionally in all build types including release (-DNDEBUG does not suppress GGML_ASSERT); (2) null pointer passed to memcpy() at src/whisper.cpp:3688 when the loader reads weight data into tensor->data. A 124-byte crafted model file reproduces the crash. Confirmed on HEAD, Fedora 43 x86_64, release build — exit code 134 (SIGABRT).
|
|---|
| स्रोत | ⚠️ https://github.com/ggml-org/whisper.cpp/issues/3807 |
|---|
| उपयोगकर्ता | m00dy (UID 97162) |
|---|
| सबमिशन | 12/05/2026 06:06 PM (23 दिन पहले) |
|---|
| संयम | 31/05/2026 08:04 PM (19 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 367591 [ggml-org whisper.cpp तक 1.8.2 ggml/src/ggml.c whisper_model_load सेवा अस्वीकार] |
|---|
| अंक | 20 |
|---|