Protect NNUE header parsing against oversized descriptions #2

Draft
RainRat wants to merge 1 commit into master from codex/define-maximum-description-length-constant

RainRat commented Sep 20, 2025

Summary

  • cap the NNUE header description length and verify remaining bytes before reading
  • ensure the NNUE header reader stops on truncated or otherwise corrupt metadata
  • add regression tests that load toy NNUE files through the Stockfish binary to confirm failures

Testing

  • make build -j2
  • python - <<'PY'
    import pathlib
    import struct
    import subprocess
    import tempfile
    VERSION=0x7AF32F20
    HASH_VALUE=1007697522
    MAX_DESCRIPTION_LENGTH=4096
    root=pathlib.Path('.').resolve()
    stockfish=root/'src'/('stockfish.exe' if subprocess.os.name=='nt' else 'stockfish')
    commands='\n'.join(['uci','setoption name UCI_Variant value chess','setoption name Use NNUE value true','setoption name EvalFile value {path}','isready','go depth 1','quit'])+'\n'
    def run(payload):
        with tempfile.NamedTemporaryFile(prefix='chess-', suffix='.nnue', delete=False) as tmp:
            tmp.write(payload)
            tmp_path=pathlib.Path(tmp.name)
        try:
            result=subprocess.run([str(stockfish)],input=commands.format(path=tmp_path.as_posix()),text=True,capture_output=True,timeout=10)
            return result.returncode,'was not loaded successfully' in result.stdout
        finally:
            tmp_path.unlink(missing_ok=True)
    print('Oversized header check:',run(struct.pack('<III',VERSION,HASH_VALUE,MAX_DESCRIPTION_LENGTH+1)))
    print('Truncated header check:',run(struct.pack('<III',VERSION,HASH_VALUE,16)+b'abcd'))
    PY

https://chatgpt.com/codex/tasks/task_e_68ce0e5c2834833096412d6177c0c77e
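
The bounded read that the summary describes, shown as an added C++ example; it is not the code from this pull request or from Stockfish. The header layout (three little-endian 32-bit fields followed by the description), the version and hash values, and the 4096-byte cap are taken from the test script above; the function names are hypothetical and a seekable stream is assumed.

```cpp
#include <cstdint>
#include <sstream>
#include <string>
// Cap value comes from the PR's test script; all function names are hypothetical.
constexpr std::uint32_t MaxDescriptionLength = 4096;

// Read one little-endian u32; false on a short read.
static bool read_u32(std::istream& in, std::uint32_t& v) {
    unsigned char b[4];
    if (!in.read(reinterpret_cast<char*>(b), 4)) return false;
    v = b[0] | (b[1] << 8) | (b[2] << 16) | (std::uint32_t(b[3]) << 24);
    return true;
}

// Bytes between the read position and the end of a seekable stream, -1 on error.
static std::streamoff bytes_left(std::istream& in) {
    const std::streamoff pos = in.tellg();
    if (pos < 0) return -1;
    in.seekg(0, std::ios::end);
    const std::streamoff end = in.tellg();
    in.seekg(pos, std::ios::beg);
    return (in && end >= pos) ? end - pos : -1;
}

// Layout per the test script: version, hash, description size, description bytes.
bool read_header(std::istream& in, std::uint32_t& hash, std::string& desc) {
    std::uint32_t version = 0, size = 0;
    if (!read_u32(in, version) || !read_u32(in, hash) || !read_u32(in, size)) return false;
    if (size > MaxDescriptionLength) return false;  // reject before allocating
    const std::streamoff left = bytes_left(in);
    if (left < 0 || std::uint64_t(left) < size) return false;  // declared size exceeds data
    desc.assign(size, '\0');
    return size == 0 || bool(in.read(&desc[0], size));
}

// Constructed sample input: the three header fields, then `body` as the description.
std::string make_file(std::uint32_t declared, const std::string& body) {
    std::string out;
    const std::uint32_t fields[3] = {0x7AF32F20u, 1007697522u, declared};
    for (std::uint32_t f : fields)
        for (int i = 0; i < 4; ++i) out.push_back(char((f >> (8 * i)) & 0xFF));
    return out + body;
}
bool accepts(const std::string& bytes) {
    std::istringstream in(bytes, std::ios::binary);
    std::uint32_t hash = 0; std::string desc;
    return read_header(in, hash, desc);
}

int main() { return accepts(make_file(4, "abcd")) && !accepts(make_file(16, "abcd")) ? 0 : 1; }
```

The two rejected inputs in the test script map to the two checks: a declared size of 4097 fails the cap, and a declared size of 16 with only four bytes present fails the remaining-bytes comparison.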
