sleepy/llama.cpp
1
0
Fork 0
Code Issues 11 Pull Requests Actions 108 Packages Projects Releases Wiki Activity
Files
b8908
llama.cpp/tools
T
History
Song Li c78fb909b2 server: fix heap-buffer-overflow from negative n_discard (CVE-2026-21869) (#22267) 
* server: clamp n_discard to non-negative at JSON parse boundary (CVE-2026-21869)

A negative n_discard from client JSON causes heap-buffer-overflow in
update_slots() context-shift loop (CWE-787, CVSS 8.8). Clamp to 0 at
ingress; n_discard=0 already triggers auto-discard (n_left/2).

Ref: GHSA-8947-pfff-2f3c

* cont : cleaner

* cont : cleanerer

* cont : cleanest

---------

Co-authored-by: Georgi Gerganov <ggerganov@gmail.com>
2026-04-23 18:39:07 +02:00
..
batched-bench
libs : rename libcommon -> libllama-common (#21936)
2026-04-17 11:11:46 +03:00
cli
cli : cleanup auto-completion code (#21745)
2026-04-23 15:03:28 +02:00
completion
libs : rename libcommon -> libllama-common (#21936)
2026-04-17 11:11:46 +03:00
cvector-generator
libs : rename libcommon -> libllama-common (#21936)
2026-04-17 11:11:46 +03:00
export-lora
libs : rename libcommon -> libllama-common (#21936)
2026-04-17 11:11:46 +03:00
fit-params
fit-params : refactor + add option to output estimated memory per device (#22171)
2026-04-21 09:54:36 +03:00
gguf-split
libs : rename libcommon -> libllama-common (#21936)
2026-04-17 11:11:46 +03:00
imatrix
libs : rename libcommon -> libllama-common (#21936)
2026-04-17 11:11:46 +03:00
llama-bench
fit-params : refactor + add option to output estimated memory per device (#22171)
2026-04-21 09:54:36 +03:00
mtmd
mtmd: also support LLAMA_ROPE_TYPE_NONE (#22242)
2026-04-22 12:16:29 +02:00
parser
libs : rename libcommon -> libllama-common (#21936)
2026-04-17 11:11:46 +03:00
perplexity
fit-params : refactor + add option to output estimated memory per device (#22171)
2026-04-21 09:54:36 +03:00
quantize
libs : rename libcommon -> libllama-common (#21936)
2026-04-17 11:11:46 +03:00
results
libs : rename libcommon -> libllama-common (#21936)
2026-04-17 11:11:46 +03:00
rpc
rpc : add native RDMA transport for RPC backend (RoCEv2) (#20590)
2026-04-15 16:44:02 +03:00
server
server: fix heap-buffer-overflow from negative n_discard (CVE-2026-21869) (#22267)
2026-04-23 18:39:07 +02:00
tokenize
libs : rename libcommon -> libllama-common (#21936)
2026-04-17 11:11:46 +03:00
tts
libs : rename libcommon -> libllama-common (#21936)
2026-04-17 11:11:46 +03:00
CMakeLists.txt
llama: end-to-end tests (#19802)
2026-03-08 12:30:21 +01:00