Comparing changes

base repository: mozilla-ai/llamafile
base: d05e8ce
head repository: mozilla-ai/llamafile
compare: 8eca66e
  • 1 commit
  • 1 file changed
  • 1 contributor
Commits on Dec 7, 2025

  1. Fix integer overflow DoS vulnerability in tokenization

    Fixes #835
    
    When an extremely large prompt (>2^31 characters) is sent to the
    llamafile server, the tokenization function would experience integer
    overflow, causing a crash with std::length_error and terminating
    the entire server process.
    
    Root cause: In llamafile/llama.cpp line 50, text.size() (size_t/uint64)
    was being added to a small value and assigned to int (int32), causing
    overflow when text.size() exceeded INT_MAX.
    
    Fix: Added bounds checking before the addition to prevent overflow.
    If the input text is too large, we now throw std::length_error with
    the same error message that llama.cpp naturally throws, which the
    worker exception handler will catch and log.
    
    This matches the behavior of standalone llama.cpp which has internal
    bounds checks in std::vector and returns a controlled 500 error rather
    than crashing the process.
    
    Security impact: Prevents remote unauthenticated DoS attack where an
    attacker could crash the llamafile server by sending an oversized prompt.
    anivar committed Dec 7, 2025
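The overflow pattern the commit message describes, with the bounds check it adds and the worker-level catch that turns the error into a per-request failure, as an added example that is not llamafile's code: the function names, the `extra` slack, the error text and the HTTP status mapping are assumptions, and a constructed 64-bit length stands in for a real oversized prompt so nothing is actually allocated.

```cpp
#include <climits>
#include <cstddef>
#include <stdexcept>

// Added example modelling the pattern in the commit message; not llamafile's
// code. Names, the `extra` slack and the error text are assumptions.

// Unchecked form: a size_t length plus a small slack is stored in an int.
// Once the length exceeds INT_MAX the narrowing wraps to a negative or small
// value, and the later container resize throws std::length_error or worse.
int unchecked_capacity(std::size_t text_len, std::size_t extra) {
    int n_tokens = text_len + extra;  // size_t -> int narrowing, may wrap
    return n_tokens;
}

// Checked form: reject before the addition so it can never overflow. The
// bound is written as INT_MAX - extra so the comparison itself cannot wrap
// (extra is assumed to be a small constant, far below INT_MAX).
int checked_capacity(std::size_t text_len, std::size_t extra) {
    if (text_len > static_cast<std::size_t>(INT_MAX) - extra) {
        throw std::length_error("prompt too large");  // assumed message
    }
    return static_cast<int>(text_len + extra);
}

// Model of the worker's exception boundary: a length_error raised while
// sizing the token buffer becomes a 500 for that request instead of
// unwinding out of the worker and terminating the whole server process.
int handle_prompt(std::size_t text_len) {
    const std::size_t kExtra = 1;  // assumed slack, e.g. room for a BOS token
    try {
        int n = checked_capacity(text_len, kExtra);
        return n > 0 ? 200 : 500;
    } catch (const std::length_error&) {
        return 500;  // a real server would also log the rejection here
    }
}

int main() {
    // Constructed length just past INT_MAX; no string of that size is built.
    std::size_t huge = static_cast<std::size_t>(INT_MAX) + 5;
    return (handle_prompt(huge) == 500 && handle_prompt(100) == 200) ? 0 : 1;
}
```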