From: Xuan-Son Nguyen <redacted>
Date: Fri, 2 May 2025 06:45:10 +0000 (+0200)
Subject: convert : explicitly disable trust_remote_code for AutoConfig (#13246)
X-Git-Tag: upstream/0.0.5318~62
X-Git-Url: https://git.djapps.eu/?a=commitdiff_plain;h=dcf886007de4b8e5200f461a13233315f897fb9d;p=pkg%2Fggml%2Fsources%2Fllama.cpp

convert : explicitly disable trust_remote_code for AutoConfig (#13246)
---

diff --git a/convert_hf_to_gguf.py b/convert_hf_to_gguf.py
index 04ca646b..df3f8a55 100755
--- a/convert_hf_to_gguf.py
+++ b/convert_hf_to_gguf.py
@@ -419,7 +419,9 @@ class ModelBase:
     @staticmethod
     def load_hparams(dir_model: Path):
         try:
-            return AutoConfig.from_pretrained(dir_model).to_dict()
+            # for security reason, we don't allow loading remote code by default
+            # if a model need remote code, we will fallback to config.json
+            return AutoConfig.from_pretrained(dir_model, trust_remote_code=False).to_dict()
         except Exception as e:
             logger.warning(f"Failed to load model config from {dir_model}: {e}")
             logger.warning("Trying to load config.json instead")