
[Bug]: Exception handling in modules/safe.py for corrupt vs. potentially malicious checkpoint seems to be reversed

Open baloneysammich opened this issue 2 years ago • 0 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues and checked the recent builds/commits

What happened?

    except pickle.UnpicklingError:
        print(f"Error verifying pickled file from (unknown):", file=sys.stderr)
        print(traceback.format_exc(), file=sys.stderr)
        print(f"-----> !!!! The file is most likely corrupted !!!! <-----", file=sys.stderr)
        print(f"You can skip this check with --disable-safe-unpickle commandline argument, but that is not going to help you.\n\n", file=sys.stderr)
        return None

    except Exception:
        print(f"Error verifying pickled file from (unknown):", file=sys.stderr)
        print(traceback.format_exc(), file=sys.stderr)
        print(f"\nThe file may be malicious, so the program is not going to read it.", file=sys.stderr)
        print(f"You can skip this check with --disable-safe-unpickle commandline argument.\n\n", file=sys.stderr)
        return None

Unless I'm mistaken, pickle.UnpicklingError is raised when a checkpoint is considered potentially malicious, but the message printed for that exception indicates the checkpoint may be corrupt.

So I'm thinking the code in the exception handling blocks is swapped versus what it should be:

    except Exception:
        print(f"Error verifying pickled file from (unknown):", file=sys.stderr)
        print(traceback.format_exc(), file=sys.stderr)
        print(f"-----> !!!! The file is most likely corrupted !!!! <-----", file=sys.stderr)
        print(f"You can skip this check with --disable-safe-unpickle commandline argument, but that is not going to help you.\n\n", file=sys.stderr)
        return None

    except pickle.UnpicklingError:
        print(f"Error verifying pickled file from (unknown):", file=sys.stderr)
        print(traceback.format_exc(), file=sys.stderr)
        print(f"\nThe file may be malicious, so the program is not going to read it.", file=sys.stderr)
        print(f"You can skip this check with --disable-safe-unpickle commandline argument.\n\n", file=sys.stderr)
        return None

Steps to reproduce the problem

Comment out the following lines:

        if module == 'numpy' and name == 'dtype':
            return numpy.dtype

Try to load a checkpoint which contains numpy/dtype, such as sd-v1-4.ckpt or v1-5-pruned-emaonly.ckpt.

The following message will be printed to the console:

-----> !!!! The file is most likely corrupted !!!! <-----
You can skip this check with --disable-safe-unpickle commandline argument, but that is not going to help you.

What should have happened?

Instead of the message indicating the checkpoint may be corrupt, the message indicating the checkpoint may be malicious should be printed:

The file may be malicious, so the program is not going to read it.
You can skip this check with --disable-safe-unpickle commandline argument.

Commit where the problem happens

df0a1f83815c771246a7b1bca85d63feaefad8d1

What platforms do you use to access UI ?

Windows

What browsers do you use to access the UI ?

Mozilla Firefox

Command Line Arguments

--precision full --no-half --medvram

Additional information, context and logs

No response

baloneysammich Nov 01 '22 20:11
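An added example, not code from the webui project or the issue author, showing why the two handlers have to be told apart deliberately: a restricted unpickler in the style of modules/safe.py raises a dedicated pickle.UnpicklingError subclass for a disallowed global, so the "may be malicious" handler can catch that subclass first, while truncated or garbage input, which the pickle module itself reports as EOFError or UnpicklingError, falls through to the "corrupted" handler. The allowlist, the exception class and the sample pickles are constructed for this example.

```python
import collections
import io
import pickle


class ForbiddenGlobal(pickle.UnpicklingError):
    """Raised by the restricted unpickler for a global outside the allowlist.

    Subclassing pickle.UnpicklingError keeps existing 'except UnpicklingError'
    code working, while letting a handler single out allowlist rejections.
    """


class RestrictedUnpickler(pickle.Unpickler):
    # Hypothetical allowlist passed in by the caller; the webui list is longer.
    def __init__(self, file, allowed):
        super().__init__(file)
        self.allowed = allowed

    def find_class(self, module, name):
        if (module, name) in self.allowed:
            return super().find_class(module, name)
        raise ForbiddenGlobal(f"global '{module}/{name}' is forbidden")


def classify_load(data, allowed):
    """Load with the allowlist and report 'ok', 'forbidden' or 'corrupt'.

    The specific exception is caught first; the generic errors the pickle
    module raises for malformed input are handled afterwards.
    """
    try:
        RestrictedUnpickler(io.BytesIO(data), allowed).load()
        return "ok"
    except ForbiddenGlobal:
        return "forbidden"  # stream names a disallowed global: treat as possibly malicious
    except (pickle.UnpicklingError, EOFError, ValueError):
        return "corrupt"    # malformed or truncated stream (still refused)


# Constructed inputs. Protocol 2 has no framing, so truncation shows up as EOF.
ALLOWED = {("collections", "OrderedDict")}
GOOD = pickle.dumps(collections.OrderedDict(a=1), protocol=2)
TRUNCATED = GOOD[:-1]        # STOP opcode missing -> EOFError
GARBAGE = b"\x80\x02\xff."   # invalid opcode -> pickle.UnpicklingError

if __name__ == "__main__":
    print(classify_load(GOOD, ALLOWED))       # ok
    print(classify_load(GOOD, set()))         # forbidden (like commenting out the numpy/dtype line)
    print(classify_load(TRUNCATED, ALLOWED))  # corrupt
    print(classify_load(GARBAGE, ALLOWED))    # corrupt
```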