mirror of
https://github.com/ggerganov/llama.cpp.git
synced 2025-01-14 22:38:58 +01:00
ggml : fix memory leaks when loading invalid gguf files (#10094)
* ggml : fix gguf string leak when reading kv pairs fails * ggml : avoid crashing with GGML_ABORT when the KV has an invalid type * ggml : avoid crashing on failed memory allocations when loading a gguf file
This commit is contained in:
parent
6763f713bb
commit
b9e02e8184
@ -22136,7 +22136,11 @@ static bool gguf_fread_str(FILE * file, struct gguf_str * p, size_t * offset) {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
p->data = GGML_CALLOC(p->n + 1, 1);
|
p->data = calloc(p->n + 1, 1);
|
||||||
|
if (!p->data) {
|
||||||
|
fprintf(stderr, "%s: failed to allocate memory for string of length %" PRIu64 "\n", __func__, p->n);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
ok = ok && gguf_fread_el(file, p->data, p->n, offset);
|
ok = ok && gguf_fread_el(file, p->data, p->n, offset);
|
||||||
|
|
||||||
@ -22170,7 +22174,11 @@ static void gguf_free_kv(struct gguf_kv * kv) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
struct gguf_context * gguf_init_empty(void) {
|
struct gguf_context * gguf_init_empty(void) {
|
||||||
struct gguf_context * ctx = GGML_CALLOC(1, sizeof(struct gguf_context));
|
struct gguf_context * ctx = calloc(1, sizeof(struct gguf_context));
|
||||||
|
if (!ctx) {
|
||||||
|
fprintf(stderr, "%s: failed to allocate memory for context\n", __func__);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
memcpy(ctx->header.magic, GGUF_MAGIC, sizeof(ctx->header.magic));
|
memcpy(ctx->header.magic, GGUF_MAGIC, sizeof(ctx->header.magic));
|
||||||
ctx->header.version = GGUF_VERSION;
|
ctx->header.version = GGUF_VERSION;
|
||||||
@ -22216,7 +22224,12 @@ struct gguf_context * gguf_init_from_file(const char * fname, struct gguf_init_p
|
|||||||
|
|
||||||
bool ok = true;
|
bool ok = true;
|
||||||
|
|
||||||
struct gguf_context * ctx = GGML_CALLOC(1, sizeof(struct gguf_context));
|
struct gguf_context * ctx = calloc(1, sizeof(struct gguf_context));
|
||||||
|
if (!ctx) {
|
||||||
|
fprintf(stderr, "%s: failed to allocate memory for context\n", __func__);
|
||||||
|
fclose(file);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
// read the header
|
// read the header
|
||||||
{
|
{
|
||||||
@ -22255,9 +22268,13 @@ struct gguf_context * gguf_init_from_file(const char * fname, struct gguf_init_p
|
|||||||
{
|
{
|
||||||
const uint64_t n_kv = ctx->header.n_kv;
|
const uint64_t n_kv = ctx->header.n_kv;
|
||||||
|
|
||||||
// header.n_kv will hold the actual value of pairs that were successfully read in the loop below
|
ctx->kv = calloc(n_kv, sizeof(struct gguf_kv));
|
||||||
ctx->header.n_kv = 0;
|
if (!ctx->kv) {
|
||||||
ctx->kv = GGML_CALLOC(n_kv, sizeof(struct gguf_kv));
|
fprintf(stderr, "%s: failed to allocate memory for kv pairs\n", __func__);
|
||||||
|
fclose(file);
|
||||||
|
gguf_free(ctx);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
for (uint64_t i = 0; i < n_kv; ++i) {
|
for (uint64_t i = 0; i < n_kv; ++i) {
|
||||||
struct gguf_kv * kv = &ctx->kv[i];
|
struct gguf_kv * kv = &ctx->kv[i];
|
||||||
@ -22308,7 +22325,13 @@ struct gguf_context * gguf_init_from_file(const char * fname, struct gguf_init_p
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
kv->value.arr.data = GGML_CALLOC(kv->value.arr.n, gguf_type_size(kv->value.arr.type));
|
kv->value.arr.data = calloc(kv->value.arr.n, gguf_type_size(kv->value.arr.type));
|
||||||
|
if (!kv->value.arr.data) {
|
||||||
|
fprintf(stderr, "%s: failed to allocate memory for array\n", __func__);
|
||||||
|
fclose(file);
|
||||||
|
gguf_free(ctx);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
ok = ok && gguf_fread_el(file, kv->value.arr.data, kv->value.arr.n * gguf_type_size(kv->value.arr.type), &offset);
|
ok = ok && gguf_fread_el(file, kv->value.arr.data, kv->value.arr.n * gguf_type_size(kv->value.arr.type), &offset);
|
||||||
} break;
|
} break;
|
||||||
@ -22322,24 +22345,36 @@ struct gguf_context * gguf_init_from_file(const char * fname, struct gguf_init_p
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
kv->value.arr.data = GGML_CALLOC(kv->value.arr.n, sizeof(struct gguf_str));
|
kv->value.arr.data = calloc(kv->value.arr.n, sizeof(struct gguf_str));
|
||||||
|
if (!kv->value.arr.data) {
|
||||||
|
fprintf(stderr, "%s: failed to allocate memory for array\n", __func__);
|
||||||
|
fclose(file);
|
||||||
|
gguf_free(ctx);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
for (uint64_t j = 0; j < kv->value.arr.n; ++j) {
|
for (uint64_t j = 0; j < kv->value.arr.n; ++j) {
|
||||||
ok = ok && gguf_fread_str(file, &((struct gguf_str *) kv->value.arr.data)[j], &offset);
|
ok = ok && gguf_fread_str(file, &((struct gguf_str *) kv->value.arr.data)[j], &offset);
|
||||||
}
|
}
|
||||||
} break;
|
} break;
|
||||||
case GGUF_TYPE_ARRAY:
|
case GGUF_TYPE_ARRAY:
|
||||||
default: GGML_ABORT("invalid type");
|
default:
|
||||||
|
{
|
||||||
|
fprintf(stderr, "%s: invalid array type %d\n", __func__, kv->value.arr.type);
|
||||||
|
ok = false;
|
||||||
|
} break;
|
||||||
}
|
}
|
||||||
} break;
|
} break;
|
||||||
default: GGML_ABORT("invalid type");
|
default:
|
||||||
|
{
|
||||||
|
fprintf(stderr, "%s: invalid type %d\n", __func__, kv->type);
|
||||||
|
ok = false;
|
||||||
|
} break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!ok) {
|
if (!ok) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx->header.n_kv++;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!ok) {
|
if (!ok) {
|
||||||
@ -22352,7 +22387,13 @@ struct gguf_context * gguf_init_from_file(const char * fname, struct gguf_init_p
|
|||||||
|
|
||||||
// read the tensor infos
|
// read the tensor infos
|
||||||
if (ctx->header.n_tensors > 0) {
|
if (ctx->header.n_tensors > 0) {
|
||||||
ctx->infos = GGML_CALLOC(ctx->header.n_tensors, sizeof(struct gguf_tensor_info));
|
ctx->infos = calloc(ctx->header.n_tensors, sizeof(struct gguf_tensor_info));
|
||||||
|
if (!ctx->infos) {
|
||||||
|
fprintf(stderr, "%s: failed to allocate memory for tensor infos\n", __func__);
|
||||||
|
fclose(file);
|
||||||
|
gguf_free(ctx);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
for (uint64_t i = 0; i < ctx->header.n_tensors; ++i) {
|
for (uint64_t i = 0; i < ctx->header.n_tensors; ++i) {
|
||||||
struct gguf_tensor_info * info = &ctx->infos[i];
|
struct gguf_tensor_info * info = &ctx->infos[i];
|
||||||
|
Loading…
Reference in New Issue
Block a user