Fix Windows build #10

poiru · 2012-03-22T16:17:36Z

Removed the undefined gzflags export, which causes a build failure.

- Fixed MSB8012 warnings for vc10 projects - Changed testzlibdll output from testzlib.exe to testzlibdll.exe

poiru · 2012-03-22T16:18:35Z

Let me close this pull request as unwanted commits seem to have been included. I opened pull request #11, which contains (only) the fix.

Fix compiling under Visual Studio

this patch fixes a use of uninitialized value discovered by one of the fuzzers of the oss-fuzz project: https://github.com/google/oss-fuzz/blob/master/projects/zlib/example_dict_fuzzer.c clang's memory sanitizer fails with: ==1==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x5930dd in slide_hash zlib/deflate.c:222:20 madler#1 0x589461 in fill_window zlib/deflate.c:1558:13 madler#2 0x59828f in deflate_rle zlib/deflate.c:2119:13 madler#3 0x590614 in deflate zlib/deflate.c:1045:41 madler#4 0x4a2d56 in test_dict_deflate /src/example_dict_fuzzer.c:79:11 madler#5 0x4a3e9b in LLVMFuzzerTestOneInput /src/example_dict_fuzzer.c:156:3 madler#6 0x4ed04b in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15 madler#7 0x4a4ff6 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6 madler#8 0x4b5e1a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9 madler#9 0x4a4121 in main /src/libfuzzer/FuzzerMain.cpp:20:10 madler#10 0x7f3d7a13b82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291 madler#11 0x41ed08 in _start Uninitialized value was created by a heap allocation #0 0x45fa10 in malloc /src/llvm/projects/compiler-rt/lib/msan/msan_interceptors.cc:911 madler#1 0x586920 in deflateInit2_ zlib/deflate.c:320:27 madler#2 0x4a2a24 in test_dict_deflate /src/example_dict_fuzzer.c:61:11 madler#3 0x4a3e9b in LLVMFuzzerTestOneInput /src/example_dict_fuzzer.c:156:3 madler#4 0x4ed04b in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15 madler#5 0x4a4ff6 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6 madler#6 0x4b5e1a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9 madler#7 0x4a4121 in main /src/libfuzzer/FuzzerMain.cpp:20:10 madler#8 0x7f3d7a13b82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291

…eflate_quick by aggregating the two consecutive values to be written by static_emit_ptr to s->pending_buf and writing the two values at once in a 4 byte store, we avoid running out of the allocated buffer. We used to call quick_send_bits twice and bumped the counter s->pending in the first call, which made the second call write to memory beyond the safe 4 bytes that were guaranteed by the following condition in the enclosing loop in deflate_quick: if (s->pending + 4 >= s->pending_buf_size) { flush_pending(s->strm); The bug was exposed by the memory sanitizer like so: MemorySanitizer:DEADLYSIGNAL -- | ==1==ERROR: MemorySanitizer: SEGV on unknown address 0x730000020000 (pc 0x0000005b6ce4 bp 0x7fff59adb5e0 sp 0x7fff59adb570 T1) | ==1==The signal is caused by a WRITE memory access. | #0 0x5b6ce3 in quick_send_bits zlib-ng/arch/x86/deflate_quick.c:134:48 | madler#1 0x5b5752 in deflate_quick zlib-ng/arch/x86/deflate_quick.c:243:21 | madler#2 0x590a15 in zng_deflate zlib-ng/deflate.c:952:18 | madler#3 0x587165 in zng_compress2 zlib-ng/compress.c:59:15 | madler#4 0x5866d3 in check_compress_level zlib-ng/test/fuzz/compress_fuzzer.c:22:3 | madler#5 0x5862d8 in LLVMFuzzerTestOneInput zlib-ng/test/fuzz/compress_fuzzer.c:74:3 | madler#6 0x4e9b48 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:575:15 | madler#7 0x4a2f66 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6 | madler#8 0x4b3adb in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:715:9 | madler#9 0x4a2091 in main /src/libfuzzer/FuzzerMain.cpp:20:10 | madler#10 0x7fb8919b082f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291 | madler#11 0x41ec68 in _start | MemorySanitizer can not provide additional info. | SUMMARY: MemorySanitizer: SEGV (/mnt/scratch0/clusterfuzz/slave-bot/builds/clusterfuzz-builds_zlib-ng_7ead0a3e4980f024583384fd355b6e3ddd4b2ca2/revisions/compress_fuzzer+0x5b6ce3)

…ed-value ==1==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x59fa93 in deflate_medium zlib-ng/deflate_medium.c:259:21 madler#1 0x590905 in zng_deflate zlib-ng/deflate.c:951:18 madler#2 0x587095 in zng_compress2 zlib-ng/compress.c:59:15 madler#3 0x5866e3 in check_compress_level zlib-ng/test/fuzz/compress_fuzzer.c:18:3 madler#4 0x5862fd in LLVMFuzzerTestOneInput zlib-ng/test/fuzz/compress_fuzzer.c:38:3 madler#5 0x4e9b48 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:575:15 madler#6 0x4a2f66 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6 madler#7 0x4b3adb in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:715:9 madler#8 0x4a2091 in main /src/libfuzzer/FuzzerMain.cpp:20:10 madler#9 0x7fea2fea482f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291 madler#10 0x41ec68 in _start Uninitialized value was created by a heap allocation #0 0x45f2a0 in malloc /src/llvm/projects/compiler-rt/lib/msan/msan_interceptors.cc:910 madler#1 0x587d42 in zng_deflateInit2_ zlib-ng/deflate.c:284:27 madler#2 0x5874fa in zng_deflateInit_ zlib-ng/deflate.c:224:12 madler#3 0x586c95 in zng_compress2 zlib-ng/compress.c:41:11 madler#4 0x5866e3 in check_compress_level zlib-ng/test/fuzz/compress_fuzzer.c:18:3 madler#5 0x5862fd in LLVMFuzzerTestOneInput zlib-ng/test/fuzz/compress_fuzzer.c:38:3 madler#6 0x4e9b48 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:575:15 madler#7 0x4a2f66 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6 madler#8 0x4b3adb in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:715:9 madler#9 0x4a2091 in main /src/libfuzzer/FuzzerMain.cpp:20:10 madler#10 0x7fea2fea482f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291

==4908==ERROR: MemorySanitizer: SEGV on unknown address 0x730fffffffff (pc 0x0000004b1b97 bp 0x7ffd4bf59a00 sp 0x7ffd4bf598a0 T4908) ==4908==The signal is caused by a READ memory access. #0 0x5a0599 in fizzle_matches zlib-ng/deflate_medium.c:168:12 madler#1 0x59ea27 in deflate_medium zlib-ng/deflate_medium.c:296:21 madler#2 0x5901c5 in zng_deflate zlib-ng/deflate.c:951:18 madler#3 0x586955 in zng_compress2 zlib-ng/compress.c:59:15 madler#4 0x5861eb in LLVMFuzzerTestOneInput zlib-ng/test/fuzz/compress_fuzzer.c:18:3 madler#5 0x4e9b48 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:575:15 madler#6 0x4a2f66 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6 madler#7 0x4b3adb in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:715:9 madler#8 0x4a2091 in main /src/libfuzzer/FuzzerMain.cpp:20:10 madler#9 0x7fa3d7ff582f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291 madler#10 0x41ec68 in _start

On FreeBSD amd64 is named... 'amd64', not 'x86_64'. This is what 'uname -m' prints.

Thanks!

this patch fixes a use of uninitialized value discovered by one of the fuzzers of the oss-fuzz project: https://github.com/google/oss-fuzz/blob/master/projects/zlib/example_dict_fuzzer.c clang's memory sanitizer fails with: ==1==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x5930dd in slide_hash zlib/deflate.c:222:20 madler#1 0x589461 in fill_window zlib/deflate.c:1558:13 madler#2 0x59828f in deflate_rle zlib/deflate.c:2119:13 madler#3 0x590614 in deflate zlib/deflate.c:1045:41 madler#4 0x4a2d56 in test_dict_deflate /src/example_dict_fuzzer.c:79:11 madler#5 0x4a3e9b in LLVMFuzzerTestOneInput /src/example_dict_fuzzer.c:156:3 madler#6 0x4ed04b in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15 madler#7 0x4a4ff6 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6 madler#8 0x4b5e1a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9 madler#9 0x4a4121 in main /src/libfuzzer/FuzzerMain.cpp:20:10 madler#10 0x7f3d7a13b82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291 madler#11 0x41ed08 in _start Uninitialized value was created by a heap allocation #0 0x45fa10 in malloc /src/llvm/projects/compiler-rt/lib/msan/msan_interceptors.cc:911 madler#1 0x586920 in deflateInit2_ zlib/deflate.c:320:27 madler#2 0x4a2a24 in test_dict_deflate /src/example_dict_fuzzer.c:61:11 madler#3 0x4a3e9b in LLVMFuzzerTestOneInput /src/example_dict_fuzzer.c:156:3 madler#4 0x4ed04b in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15 madler#5 0x4a4ff6 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6 madler#6 0x4b5e1a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9 madler#7 0x4a4121 in main /src/libfuzzer/FuzzerMain.cpp:20:10 madler#8 0x7f3d7a13b82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291

VC16 project files

poiru added 6 commits February 24, 2012 12:33

- Fixed contrib/vstudio/vc10/testzlib.vcxproj project linker errors

477ea93

- Fixed MSB8012 warnings for vc10 projects - Changed testzlibdll output from testzlib.exe to testzlibdll.exe

Automated assembly building with vc10.

3ee761a

Reverted testzlib.vcxproj fix

45811d5

Merge branch 'develop' of github.com:madler/zlib

bca3548

Merge branch 'develop' of github.com:madler/zlib

ad36677

Fixed contrib/vstudio builds (removed non-existent gzflags from exports)

582e73b

poiru closed this Mar 22, 2012

geoff-nixon referenced this pull request in geoff-nixon/zlib May 6, 2016

Merge pull request cloudflare#10 from mtl1979/develop

4668580

Fix compiling under Visual Studio

sebpop mentioned this pull request Nov 15, 2018

oss-fuzz/11360: clear out s->prev buffer to avoid undefined behavior #393

Closed

nmoinvaz pushed a commit to nmoinvaz/zlib that referenced this pull request May 2, 2020

Correctly check architecture on FreeBSD (madler#10)

634a6b9

On FreeBSD amd64 is named... 'amd64', not 'x86_64'. This is what 'uname -m' prints.

jinfeihan57 pushed a commit to minchai23/zlib that referenced this pull request Sep 15, 2020

zip_extract: handle directories within zip files (madler#10)

faf26db

Thanks!

RytoEX pushed a commit to RytoEX/zlib that referenced this pull request Nov 10, 2022

Merge pull request madler#10 from JeromeMartinez/VC16

de72d39

VC16 project files

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix Windows build #10

Fix Windows build #10

poiru commented Mar 22, 2012

poiru commented Mar 22, 2012

Fix Windows build #10

Fix Windows build #10

Conversation

poiru commented Mar 22, 2012

poiru commented Mar 22, 2012