From: GNU bug Tracking System
Subject: [debbugs-tracker] bug#33501: closed (Malformed inputs triggering uninitialized memory use in inflate_dynamic())
Date: Fri, 30 Nov 2018 21:04:02 +0000

Your message dated Fri, 30 Nov 2018 13:03:31 -0800
with message-id <address@hidden>
and subject line Re: bug#33501: Malformed inputs triggering uninitialized 
memory use in inflate_dynamic()
has caused the debbugs.gnu.org bug report #33501,
regarding Malformed inputs triggering uninitialized memory use in 
inflate_dynamic()
to be marked as done.

(If you believe you have received this mail in error, please contact
address@hidden)


-- 
33501: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=33501
GNU Bug Tracking System
Contact address@hidden with problems
--- Begin Message ---
Subject: Malformed inputs triggering uninitialized memory use in inflate_dynamic()
Date: Sun, 25 Nov 2018 16:45:18 +0100

Hi,

I did some testing of gzip with afl-fuzzing and memory sanitizer and it
ends up finding a use of uninitialized memory on some malformed inputs.

Sample input (base64):
H4sIADAwMDAwMGQAAAA=

With msan this causes:

==21601==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x4affab in inflate_dynamic /f/gzip/gzip-1.9/inflate.c:803:9
    #1 0x4affab in inflate_block /f/gzip/gzip-1.9/inflate.c:925
    #2 0x4affab in inflate /f/gzip/gzip-1.9/inflate.c:957
    #3 0x4c805d in unzip /f/gzip/gzip-1.9/unzip.c:132:19
    #4 0x4a1234 in treat_file /f/gzip/gzip-1.9/gzip.c:1002:13
    #5 0x49d760 in main /f/gzip/gzip-1.9/gzip.c:670:13
    #6 0x7f85c3d724ea in __libc_start_main (/lib64/libc.so.6+0x244ea)
    #7 0x41c4d9 in _start (/r/gz/gzip+0x41c4d9)

You can reproduce by building gzip with clang+msan, e.g.
./configure CC=clang LD=clang CFLAGS="-fsanitize=memory -U_FORTIFY_SOURCE" \
  LDFLAGS="-fsanitize=memory -U_FORTIFY_SOURCE"

And then run the above sample with gzip -dc.

(msan is incompatible with fortify source and some distros set it by
default, so it's better to unset it.)

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: address@hidden
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42



--- End Message ---
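As an added illustration (not part of the report and not gzip's code), a small Python parser that decodes the report's sample and walks the gzip header and the first DEFLATE block header: it shows the block is BTYPE=2 (dynamic Huffman, i.e. the inflate_dynamic() path) and that the member ends only a few bits into that block header, with no room for the HLIT+HDIST code lengths or the 8-byte trailer. The names BitReader and triage_gzip_member are mine.

```python
import base64

# The sample input quoted in the report above.
SAMPLE_B64 = "H4sIADAwMDAwMGQAAAA="

class BitReader:
    """LSB-first bit reader, the bit order DEFLATE (RFC 1951) uses."""
    def __init__(self, data):
        self.data, self.pos = data, 0          # pos is in bits
    def bits(self, n):
        v = 0
        for i in range(n):
            byte, off = divmod(self.pos, 8)
            if byte >= len(self.data):
                raise EOFError("stream ends after %d bits" % self.pos)
            v |= ((self.data[byte] >> off) & 1) << i
            self.pos += 1
        return v
    def left(self):
        return len(self.data) * 8 - self.pos

def triage_gzip_member(raw):
    """Describe the gzip header and the first DEFLATE block header of raw."""
    if len(raw) < 10 or raw[:2] != b"\x1f\x8b":
        raise ValueError("not a gzip member")
    info = {"cm": raw[2], "flg": raw[3], "xfl": raw[8], "os": raw[9]}
    if info["flg"] & 0x1e:                     # FEXTRA/FNAME/FCOMMENT/FHCRC
        raise ValueError("optional header fields not handled here")
    body = raw[10:]                            # DEFLATE data + CRC32/ISIZE trailer
    info["bytes_after_header"] = len(body)
    info["truncated"] = len(body) < 8          # not even room for the 8-byte trailer
    r = BitReader(body)
    info["bfinal"], info["btype"] = r.bits(1), r.bits(2)
    if info["btype"] == 2:                     # dynamic Huffman block
        info["hlit"] = r.bits(5) + 257
        info["hdist"] = r.bits(5) + 1
        info["hclen"] = r.bits(4) + 4
        try:                                   # 3 bits per code-length-code length
            info["cl_lengths"] = [r.bits(3) for _ in range(info["hclen"])]
        except EOFError:
            info["cl_lengths"] = None
        info["bits_left"] = r.left()           # bits left for hlit+hdist code lengths
    return info

def triage_sample():
    return triage_gzip_member(base64.b64decode(SAMPLE_B64))

if __name__ == "__main__":
    for k, v in triage_sample().items():
        print("%-20s %r" % (k, v))
```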
--- Begin Message ---
Subject: Re: bug#33501: Malformed inputs triggering uninitialized memory use in inflate_dynamic()
Date: Fri, 30 Nov 2018 13:03:31 -0800
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.1

Thanks for the fix. I installed the attached patch into the GNU gzip master and am marking this bug as done.

Attachment: 0001-gzip-fix-use-of-uninitialized-memory.patch
Description: Text Data


--- End Message ---
