RPC GRAPH_COMPUTE Arbitrary RCE patch

[las7]

This fix prevents an existing RCE chain where deserialize_tensor() skips all validations when the incoming rpce_tensor.buffer field is set to null. Currently we only check if result==null, however this does not sufficiently cover the case for result->buffer. This prevents attackers from gaining arbitrary read and write.

[rgerganov]

I believe this check is sufficient because tensor views which are part of the compute graph are initialized by ggml_backend_view_init():

llama.cpp/ggml/src/ggml-backend.cpp

Lines 1884 to 1894 in bd69921

	enum ggml_status ggml_backend_view_init(struct ggml_tensor * tensor) {
	GGML_ASSERT(tensor);
	GGML_ASSERT(tensor->buffer == NULL);
	GGML_ASSERT(tensor->view_src != NULL);
	GGML_ASSERT(tensor->view_src->buffer != NULL);
	GGML_ASSERT(tensor->view_src->data != NULL);
	tensor->buffer = tensor->view_src->buffer;
	tensor->data = (char *)tensor->view_src->data + tensor->view_offs;
	return ggml_backend_buffer_init_tensor(tensor->buffer, tensor);
	}

so it's not possible to have a valid tensor with tensor->buffer == nullptr

[catap]

@ggerganov maybe make a new release of ggml with that fix?