From 3decef36a87ea625854170c03e7f07625d0c9afa Mon Sep 17 00:00:00 2001 From: KD2YCU Date: Fri, 3 Apr 2026 22:05:15 -0400 Subject: [PATCH] Replace assert() with runtime check for tensor ndim bounds gguf_get_tensor() validates tensor->ndim against GGUF_TENSOR_MAX_DIM using assert(), which is compiled out in release builds (NDEBUG). A crafted GGUF file with ndim > 8 causes the subsequent dimension-reading loop to write past the end of the fixed-size dim[8] array, corrupting adjacent struct members and stack memory. Replace the assert() with a proper runtime check that returns 0 with tensor->name = NULL, following the existing error convention used for invalid tensor types (line 290). The GGUF spec (ggml/docs/gguf.md) states tensor dimensions are "currently at most 4" and GGUF_TENSOR_MAX_DIM is already set to 8 for future-proofing. Co-Authored-By: Claude Opus 4.6 (1M context) --- gguflib.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gguflib.c b/gguflib.c index aa68527..dc6209f 100644 --- a/gguflib.c +++ b/gguflib.c @@ -272,7 +272,10 @@ int gguf_get_tensor(gguf_ctx *ctx, gguf_tensor *tensor) { uint32_t *num_dim = (uint32_t*) (ctx->data+ctx->off); ctx->off += 4; // Skip number of dimensions. tensor->ndim = *num_dim; - assert(tensor->ndim <= GGUF_TENSOR_MAX_DIM); + if (tensor->ndim > GGUF_TENSOR_MAX_DIM) { + tensor->name = NULL; + return 0; + } /* Read the dimentions: all the unused dimensions are set to 1. */ tensor->num_weights = 1;
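Review bot: the new `ndim > GGUF_TENSOR_MAX_DIM` bound stops the `dim[]` overflow, but the 4-byte read of `*num_dim` at `ctx->data+ctx->off` just above it has no visible check that those bytes lie inside the mapped file, and the dimension loop that follows will read `ndim` further values; if `gguf_ctx` carries the total data length, guard both reads against it before dereferencing, otherwise a truncated file can still read past the end of the buffer. Also note that `ctx->off` has already been advanced past the ndim field when the function returns 0, so callers must treat the context as no longer positioned on a valid tensor after this error (the same applies to the type-check path at line 290 that this mirrors); it is worth stating that in the comment for the error convention. Minor: the context comment `/* Read the dimentions: ... */` could be spelled `dimensions` while touching this block.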