gguf : reject empty metadata key names during parsing#22410
Closed
rxho wants to merge 1 commit intoggml-org:masterfrom
Closed
gguf : reject empty metadata key names during parsing#22410rxho wants to merge 1 commit intoggml-org:masterfrom
rxho wants to merge 1 commit intoggml-org:masterfrom
Conversation
github-actions
Bot
added
testing
|
Hi @rxho, thanks for your contribution! Per our contribution guidelines, the automated PR checker found the following issue(s) that need your attention:
Please note that maintainers reserve the right to make final decisions on PRs. If you believe there is a mistake, please comment below. |
Fixes ggml-org#20873: a malformed GGUF file with a zero-length key string triggers GGML_ASSERT(!key.empty()) in the gguf_kv constructor. Add an early check in gguf_init_from_file_ptr that rejects empty keys with an error log, consistent with existing duplicate-key and bad-key-size validation. Three new handcrafted test cases: - KV_EMPTY_KEY: all keys are empty - KV_EMPTY_KEY_ONLY_FIRST: only the first key is empty - KV_EMPTY_KEY_ONLY_MID: a middle key is empty Signed-off-by: rxho <ryanxho@outlook.com>
rxho
force-pushed
the
fix/gguf-empty-key-validation
branch
from
e5bc588 to
e934e22
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fix #20873 — malformed GGUF files with zero-length key strings trigger
GGML_ASSERT(!key.empty())in thegguf_kvconstructor, causing an abort. The parser should reject such files gracefully with an error log instead.Root Cause
In
ggml/src/gguf.cpp,gguf_init_from_file_ptrreads a key string from the file and passes it directly to thegguf_kvconstructor without checking for empty keys. The constructor asserts non-empty, which aborts in debug builds and is UB in release.There is already validation for duplicate keys and bad key sizes, but no check for the zero-length key case.
Fix
Add a guard immediately after the key is read (after the existing
bad_alloccatch), before the duplicate-key loop:This follows the same pattern as the existing duplicate-key validation.
Changes
ggml/src/gguf.cpptests/test-gguf.cppTest Plan
Three new handcrafted GGUF file types exercise the fix:
KV_EMPTY_KEYKV_EMPTY_KEY_ONLY_FIRSTKV_EMPTY_KEY_ONLY_MIDAll three should fail gracefully (parser returns
nullptr/ error count incremented) without triggeringGGML_ASSERT.