vbatts/llama.cpp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix memory corruption bug in gguf

Browse source 
ctx->kv and ctx->infos was reallocated using not-aligned realloc, but freed with aligned free.
to fix this a GGML_ALIGNED_REALLOC was added, but there is no posix_memalign_realloc function.
so on non-windows and non-mingw32 platforms we fall back to aligned malloc, followed by copying
and freeing the old data.
This commit is contained in:
xaedes 2023-08-28 01:46:37 +02:00
parent 0b2c85b025
commit ca5b344fb1
No known key found for this signature in database
GPG key ID: 30030EDD817EA2B1
1 changed files with 15 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

13
ggml.c
View file

@ -195,6 +195,7 @@ typedef void * thread_ret_t;
#if defined(_MSC_VER) || defined(__MINGW32__) #if defined(_MSC_VER) || defined(__MINGW32__)
#define GGML_ALIGNED_MALLOC(size) _aligned_malloc(size, GGML_MEM_ALIGN) #define GGML_ALIGNED_MALLOC(size) _aligned_malloc(size, GGML_MEM_ALIGN)
#define GGML_ALIGNED_REALLOC(ptr, old_size, size) _aligned_realloc(ptr, size, GGML_MEM_ALIGN)
#define GGML_ALIGNED_FREE(ptr) _aligned_free(ptr) #define GGML_ALIGNED_FREE(ptr) _aligned_free(ptr)
#else #else
inline static void * ggml_aligned_malloc(size_t size) { inline static void * ggml_aligned_malloc(size_t size) {
@ -220,7 +221,15 @@ inline static void * ggml_aligned_malloc(size_t size) {
} }
return aligned_memory; return aligned_memory;
} }
inline static void * ggml_aligned_realloc(void * ptr, size_t old_size, size_t size) {
// There is no posix_memalign_realloc function
void * result = ggml_aligned_malloc(size);
memcpy(result, ptr, old_size);
free(ptr);
return result;
}
#define GGML_ALIGNED_MALLOC(size) ggml_aligned_malloc(size) #define GGML_ALIGNED_MALLOC(size) ggml_aligned_malloc(size)
#define GGML_ALIGNED_REALLOC(ptr, old_size, size) ggml_aligned_realloc(size)
#define GGML_ALIGNED_FREE(ptr) free(ptr) #define GGML_ALIGNED_FREE(ptr) free(ptr)
#endif #endif
@ -20073,7 +20082,7 @@ static int gguf_get_or_add_key(struct gguf_context * ctx, const char * key) {
const int n_kv = gguf_get_n_kv(ctx); const int n_kv = gguf_get_n_kv(ctx);
ctx->kv = realloc(ctx->kv, (n_kv + 1) * sizeof(struct gguf_kv)); ctx->kv = GGML_ALIGNED_REALLOC(ctx->kv, n_kv * sizeof(struct gguf_kv), (n_kv + 1) * sizeof(struct gguf_kv));
ctx->kv[n_kv].key.n = strlen(key); ctx->kv[n_kv].key.n = strlen(key);
ctx->kv[n_kv].key.data = strdup(key); ctx->kv[n_kv].key.data = strdup(key);
ctx->header.n_kv++; ctx->header.n_kv++;
@ -20230,7 +20239,7 @@ void gguf_add_tensor(
struct gguf_context * ctx, struct gguf_context * ctx,
const struct ggml_tensor * tensor) { const struct ggml_tensor * tensor) {
const int idx = ctx->header.n_tensors; const int idx = ctx->header.n_tensors;
ctx->infos = realloc(ctx->infos, (idx + 1)*sizeof(struct gguf_tensor_info)); ctx->infos = GGML_ALIGNED_REALLOC(ctx->infos, idx*sizeof(struct gguf_tensor_info), (idx + 1)*sizeof(struct gguf_tensor_info));
ctx->infos[idx].name.n = strlen(tensor->name); ctx->infos[idx].name.n = strlen(tensor->name);
ctx->infos[idx].name.data = strdup(tensor->name); ctx->infos[idx].name.data = strdup(tensor->name);