Open acherry opened 7 months ago
Related to #10179 and probably #13814
This also makes DAT upscaler models from OpenModelDB.info impossible to use:
```
*** Error verifying pickled file from C:\Apps\StableDiffusionWeb\models\DAT\4x_NomosUniDAT_otf.pth
*** The file may be malicious, so the program is not going to read it.
*** You can skip this check with --disable-safe-unpickle commandline argument.
***
Traceback (most recent call last):
  File "C:\Apps\StableDiffusionWeb\modules\safe.py", line 137, in load_with_extra
    check_pt(filename, extra_handler)
  File "C:\Apps\StableDiffusionWeb\modules\safe.py", line 84, in check_pt
    check_zip_filenames(filename, z.namelist())
  File "C:\Apps\StableDiffusionWeb\modules\safe.py", line 76, in check_zip_filenames
    raise Exception(f"bad file inside {filename}: {name}")
Exception: bad file inside C:\Apps\StableDiffusionWeb\models\DAT\4x_NomosUniDAT_otf.pth: net_g_150000/byteorder
```
More names:
```
Exception: bad file inside models\DAT\4x_NomosUniDAT2_multijpg_ldl.pth: net_g_171000/.data/serialization_id
```
I've no idea why it's even checked like this, but I'm currently at this regex:
```python
allowed_zip_names_re = re.compile(r"^([^/]+)/((\.?data/(\d+|serialization_id))|version|byteorder|(data\.pkl))$")
```
Is there an existing issue for this?
What would your feature do?
It looks like pytorch is producing additional metadata files such as the "byteorder" endianness marker mentioned here and the serialization ID mentioned here. Those extra metadata files cause A1111's safety checks to raise an exception:
I was able to confirm this behavior with the "sdxl v1.0 beta" AnimateDiff motion module on this Civitai page (uploaded 2023-11-09 - presumably created with recent pytorch) but there are probably simpler examples.
It would be nice if there were a way for users to use these files other than globally disabling safety checks with `--disable-safe-unpickle`.
Proposed workflow
Partial fix would be for the existing allow-list regex to include the byteorder file and serialization ID, but there's probably a better solution than just expanding the list for every new file.
Additional information
No response
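To make the two checks discussed in this issue concrete (the zip member-name allow-list that rejects `byteorder` and `.data/serialization_id`, and the restricted unpickler that is the reason `--disable-safe-unpickle` is dangerous to switch off globally), here is an added, self-contained example. It is not code from the webui's `modules/safe.py`; it mimics the shape of that check on a constructed in-memory checkpoint instead of a real PyTorch file. The wider regex is the one quoted in the thread; the narrower "old" pattern, the checkpoint contents, the `ALLOWED_GLOBALS` set and the malicious payload are assumptions made for illustration.

```python
import io
import pickle
import re
import zipfile
from collections import OrderedDict

# Assumed "old" allow-list that knows nothing about the newer metadata members.
OLD_RE = re.compile(r"^([^/]+)/((data/\d+)|version|(data\.pkl))$")
# The widened pattern quoted in the thread: also admits byteorder and
# .data/serialization_id (and the dotted .data/<n> storage form).
NEW_RE = re.compile(r"^([^/]+)/((\.?data/(\d+|serialization_id))|version|byteorder|(data\.pkl))$")

# Globals a checkpoint pickle is allowed to reference (illustrative subset).
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


def build_checkpoint(prefix, data_pkl):
    """Constructed stand-in for a torch zip checkpoint; layout mimics recent
    PyTorch (version, byteorder, .data/serialization_id, data/<n> storages)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(f"{prefix}/data.pkl", data_pkl)
        z.writestr(f"{prefix}/version", "3\n")
        z.writestr(f"{prefix}/byteorder", "little")
        z.writestr(f"{prefix}/.data/serialization_id", "0" * 32)
        z.writestr(f"{prefix}/data/0", b"\x00" * 16)  # fake storage blob
    return buf.getvalue()


def zip_member_names(data):
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return z.namelist()


def rejected_members(names, allowed_re):
    """Member names that the allow-list would refuse (safe.py raises on the first)."""
    return [n for n in names if not allowed_re.match(n)]


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse any GLOBAL opcode outside the allow-list, so a pickle carrying
    os.system / subprocess.* never gets a chance to run during load."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def safe_load(filename, data, allowed_re):
    """Returns ("ok", obj) or ("rejected", reason). Both gates are applied:
    member-name allow-list first, then restricted unpickling of data.pkl."""
    names = zip_member_names(data)
    bad = rejected_members(names, allowed_re)
    if bad:
        return ("rejected", f"bad file inside {filename}: {bad[0]}")
    pkl_name = next(n for n in names if n.endswith("/data.pkl"))
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        raw = z.read(pkl_name)
    try:
        obj = RestrictedUnpickler(io.BytesIO(raw)).load()
    except pickle.UnpicklingError as e:
        return ("rejected", str(e))
    return ("ok", obj)


# Constructed benign checkpoint: metadata dict in place of real tensors.
GOOD = build_checkpoint(
    "net_g_150000",
    pickle.dumps(OrderedDict([("arch", "DAT"), ("scale", 4)]), protocol=2),
)
# Constructed malicious data.pkl: GLOBAL os.system, then REDUCE with one arg.
EVIL_PICKLE = b"cos\nsystem\n(S'echo pwned'\ntR."
EVIL = build_checkpoint("net_g_150000", EVIL_PICKLE)

if __name__ == "__main__":
    names = zip_member_names(GOOD)
    print("rejected by old pattern:", rejected_members(names, OLD_RE))
    print("rejected by new pattern:", rejected_members(names, NEW_RE))
    print("good, new pattern:", safe_load("good.pth", GOOD, NEW_RE))
    print("evil, new pattern:", safe_load("evil.pth", EVIL, NEW_RE))
```

Running it shows the failure mode from the traceback (the old pattern rejects `net_g_150000/byteorder` and `net_g_150000/.data/serialization_id` even though the pickle inside is harmless) and why widening the name allow-list is not a loosening of the actual security boundary: the malicious checkpoint passes the widened name check and is still stopped by `find_class` before `os.system` is ever resolved. Real `.pth` files additionally rely on `persistent_load` for tensor storages, which this stand-in omits.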