Find generated pc file also in build dir #9
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sebpop
pushed a commit
to sebpop/zlib
that referenced
this pull request
Nov 15, 2018
this patch fixes a use of uninitialized value discovered by one of the fuzzers of the oss-fuzz project: https://github.com/google/oss-fuzz/blob/master/projects/zlib/example_dict_fuzzer.c clang's memory sanitizer fails with: ==1==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x5930dd in slide_hash zlib/deflate.c:222:20 madler#1 0x589461 in fill_window zlib/deflate.c:1558:13 madler#2 0x59828f in deflate_rle zlib/deflate.c:2119:13 madler#3 0x590614 in deflate zlib/deflate.c:1045:41 madler#4 0x4a2d56 in test_dict_deflate /src/example_dict_fuzzer.c:79:11 madler#5 0x4a3e9b in LLVMFuzzerTestOneInput /src/example_dict_fuzzer.c:156:3 madler#6 0x4ed04b in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15 madler#7 0x4a4ff6 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6 madler#8 0x4b5e1a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9 madler#9 0x4a4121 in main /src/libfuzzer/FuzzerMain.cpp:20:10 madler#10 0x7f3d7a13b82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291 madler#11 0x41ed08 in _start Uninitialized value was created by a heap allocation #0 0x45fa10 in malloc /src/llvm/projects/compiler-rt/lib/msan/msan_interceptors.cc:911 madler#1 0x586920 in deflateInit2_ zlib/deflate.c:320:27 madler#2 0x4a2a24 in test_dict_deflate /src/example_dict_fuzzer.c:61:11 madler#3 0x4a3e9b in LLVMFuzzerTestOneInput /src/example_dict_fuzzer.c:156:3 madler#4 0x4ed04b in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15 madler#5 0x4a4ff6 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6 madler#6 0x4b5e1a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9 madler#7 0x4a4121 in main /src/libfuzzer/FuzzerMain.cpp:20:10 madler#8 0x7f3d7a13b82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
hzhuang1
pushed a commit
to Linaro/warpdrive-zlib
that referenced
this pull request
Jul 31, 2019
…eflate_quick
by aggregating the two consecutive values to be written by static_emit_ptr to
s->pending_buf and writing the two values at once in a 4 byte store, we avoid
running out of the allocated buffer. We used to call quick_send_bits twice and
bumped the counter s->pending in the first call, which made the second call
write to memory beyond the safe 4 bytes that were guaranteed by the following
condition in the enclosing loop in deflate_quick:
if (s->pending + 4 >= s->pending_buf_size) {
flush_pending(s->strm);
The bug was exposed by the memory sanitizer like so:
MemorySanitizer:DEADLYSIGNAL
--
| ==1==ERROR: MemorySanitizer: SEGV on unknown address 0x730000020000 (pc 0x0000005b6ce4 bp 0x7fff59adb5e0 sp 0x7fff59adb570 T1)
| ==1==The signal is caused by a WRITE memory access.
| #0 0x5b6ce3 in quick_send_bits zlib-ng/arch/x86/deflate_quick.c:134:48
| madler#1 0x5b5752 in deflate_quick zlib-ng/arch/x86/deflate_quick.c:243:21
| madler#2 0x590a15 in zng_deflate zlib-ng/deflate.c:952:18
| madler#3 0x587165 in zng_compress2 zlib-ng/compress.c:59:15
| madler#4 0x5866d3 in check_compress_level zlib-ng/test/fuzz/compress_fuzzer.c:22:3
| madler#5 0x5862d8 in LLVMFuzzerTestOneInput zlib-ng/test/fuzz/compress_fuzzer.c:74:3
| madler#6 0x4e9b48 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:575:15
| madler#7 0x4a2f66 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
| madler#8 0x4b3adb in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:715:9
| madler#9 0x4a2091 in main /src/libfuzzer/FuzzerMain.cpp:20:10
| madler#10 0x7fb8919b082f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
| madler#11 0x41ec68 in _start
| MemorySanitizer can not provide additional info.
| SUMMARY: MemorySanitizer: SEGV (/mnt/scratch0/clusterfuzz/slave-bot/builds/clusterfuzz-builds_zlib-ng_7ead0a3e4980f024583384fd355b6e3ddd4b2ca2/revisions/compress_fuzzer+0x5b6ce3)
hzhuang1
pushed a commit
to Linaro/warpdrive-zlib
that referenced
this pull request
Jul 31, 2019
…ed-value ==1==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x59fa93 in deflate_medium zlib-ng/deflate_medium.c:259:21 madler#1 0x590905 in zng_deflate zlib-ng/deflate.c:951:18 madler#2 0x587095 in zng_compress2 zlib-ng/compress.c:59:15 madler#3 0x5866e3 in check_compress_level zlib-ng/test/fuzz/compress_fuzzer.c:18:3 madler#4 0x5862fd in LLVMFuzzerTestOneInput zlib-ng/test/fuzz/compress_fuzzer.c:38:3 madler#5 0x4e9b48 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:575:15 madler#6 0x4a2f66 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6 madler#7 0x4b3adb in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:715:9 madler#8 0x4a2091 in main /src/libfuzzer/FuzzerMain.cpp:20:10 madler#9 0x7fea2fea482f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291 madler#10 0x41ec68 in _start Uninitialized value was created by a heap allocation #0 0x45f2a0 in malloc /src/llvm/projects/compiler-rt/lib/msan/msan_interceptors.cc:910 madler#1 0x587d42 in zng_deflateInit2_ zlib-ng/deflate.c:284:27 madler#2 0x5874fa in zng_deflateInit_ zlib-ng/deflate.c:224:12 madler#3 0x586c95 in zng_compress2 zlib-ng/compress.c:41:11 madler#4 0x5866e3 in check_compress_level zlib-ng/test/fuzz/compress_fuzzer.c:18:3 madler#5 0x5862fd in LLVMFuzzerTestOneInput zlib-ng/test/fuzz/compress_fuzzer.c:38:3 madler#6 0x4e9b48 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:575:15 madler#7 0x4a2f66 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6 madler#8 0x4b3adb in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:715:9 madler#9 0x4a2091 in main /src/libfuzzer/FuzzerMain.cpp:20:10 madler#10 0x7fea2fea482f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
hzhuang1
pushed a commit
to Linaro/warpdrive-zlib
that referenced
this pull request
Jul 31, 2019
==4908==ERROR: MemorySanitizer: SEGV on unknown address 0x730fffffffff (pc 0x0000004b1b97 bp 0x7ffd4bf59a00 sp 0x7ffd4bf598a0 T4908) ==4908==The signal is caused by a READ memory access. #0 0x5a0599 in fizzle_matches zlib-ng/deflate_medium.c:168:12 madler#1 0x59ea27 in deflate_medium zlib-ng/deflate_medium.c:296:21 madler#2 0x5901c5 in zng_deflate zlib-ng/deflate.c:951:18 madler#3 0x586955 in zng_compress2 zlib-ng/compress.c:59:15 madler#4 0x5861eb in LLVMFuzzerTestOneInput zlib-ng/test/fuzz/compress_fuzzer.c:18:3 madler#5 0x4e9b48 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:575:15 madler#6 0x4a2f66 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6 madler#7 0x4b3adb in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:715:9 madler#8 0x4a2091 in main /src/libfuzzer/FuzzerMain.cpp:20:10 madler#9 0x7fa3d7ff582f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291 madler#10 0x41ec68 in _start
nmoinvaz
pushed a commit
to nmoinvaz/zlib
that referenced
this pull request
May 2, 2020
* faster crc32 of last <8 bytes on aarch64
jinfeihan57
pushed a commit
to minchai23/zlib
that referenced
this pull request
Sep 15, 2020
Lecrapouille
pushed a commit
to Lecrapouille/zlib
that referenced
this pull request
Sep 5, 2021
this patch fixes a use of uninitialized value discovered by one of the fuzzers of the oss-fuzz project: https://github.com/google/oss-fuzz/blob/master/projects/zlib/example_dict_fuzzer.c clang's memory sanitizer fails with: ==1==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x5930dd in slide_hash zlib/deflate.c:222:20 madler#1 0x589461 in fill_window zlib/deflate.c:1558:13 madler#2 0x59828f in deflate_rle zlib/deflate.c:2119:13 madler#3 0x590614 in deflate zlib/deflate.c:1045:41 madler#4 0x4a2d56 in test_dict_deflate /src/example_dict_fuzzer.c:79:11 madler#5 0x4a3e9b in LLVMFuzzerTestOneInput /src/example_dict_fuzzer.c:156:3 madler#6 0x4ed04b in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15 madler#7 0x4a4ff6 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6 madler#8 0x4b5e1a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9 madler#9 0x4a4121 in main /src/libfuzzer/FuzzerMain.cpp:20:10 madler#10 0x7f3d7a13b82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291 madler#11 0x41ed08 in _start Uninitialized value was created by a heap allocation #0 0x45fa10 in malloc /src/llvm/projects/compiler-rt/lib/msan/msan_interceptors.cc:911 madler#1 0x586920 in deflateInit2_ zlib/deflate.c:320:27 madler#2 0x4a2a24 in test_dict_deflate /src/example_dict_fuzzer.c:61:11 madler#3 0x4a3e9b in LLVMFuzzerTestOneInput /src/example_dict_fuzzer.c:156:3 madler#4 0x4ed04b in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15 madler#5 0x4a4ff6 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6 madler#6 0x4b5e1a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9 madler#7 0x4a4121 in main /src/libfuzzer/FuzzerMain.cpp:20:10 madler#8 0x7f3d7a13b82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
GerHobbelt
pushed a commit
to GerHobbelt/zlib
that referenced
this pull request
Nov 20, 2021
When there are no symbols in the tree we skip build_tree calculations and emit a block using static tree with no codes.
trees.c:357:19: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'unsigned long'
#0 0x1000ed79b in build_tree trees.c:357
madler#1 0x1000ea3f5 in zng_tr_flush_block trees.c:649
madler#2 0x100090ab0 in deflate_slow deflate_slow.c:131
madler#3 0x1000572bc in zng_deflate deflate.c:990
madler#4 0x1000aecd3 in gz_comp gzwrite.c:125
madler#5 0x1000b05df in zng_gzclose_w gzwrite.c:511
madler#6 0x1000967a4 in zng_gzclose gzlib.c:253
madler#7 0x100004f70 in test_gzio example.c:133
madler#8 0x100010c5b in main example.c:1034
madler#9 0x7fff71f57cc8 in start+0x0 (libdyld.dylib:x86_64+0x1acc8)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
.pc file could be out-of-source