Comments (1)
Hi, During to a static analyzer verification I found following bug using MSAN and a fuzzer;
Uninitialized bytes in __interceptor_write at offset 0 inside [0x70e000000000, 219) ==2293981==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x55ab1f01dee9 in put_fdout /src/stream.c:608:10 #1 0x55ab1f01ef9b in write_1g /src/stream.c:650:9 #2 0x55ab1f017698 in unzip_literal /src/runzip.c:168:6 #3 0x55ab1f017698 in runzip_chunk /src/runzip.c:325:9 #4 0x55ab1f017698 in runzip_fd /src/runzip.c:387:7 #5 0x55ab1effc895 in decompress_file /src/lrzip.c:951:6 #6 0x55ab1eff0efc in main /src/main.c:720:4 #7 0x7f9a8b276d8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) (BuildId: 69389d485a9793dbe873f0ea2c93e02efaa9aa3d) #8 0x7f9a8b276e3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f) (BuildId: 69389d485a9793dbe873f0ea2c93e02efaa9aa3d) #9 0x55ab1ef63634 in _start (/src/lrzip+0x22634) (BuildId: 6810fc07e3b025b95f3b30dc8f7bd92fdf2d5317) SUMMARY: MemorySanitizer: use-of-uninitialized-value /src/stream.c:608:10 in put_fdout Exiting
I do not see the error. ret
is set right above the call to put_fdout. I am NOT sure that the (size_t)
is correct since ret
is already declared as ssize_t
and put_fdout
expects the same in its argument list. But ret
is not unintialized.
605 ssize_t put_fdout(rzip_control *control, void *offset_buf, ssize_t ret)
638 ssize_t write_1g(rzip_control *control, void *buf, i64 len)
639 {
640 uchar *offset_buf = buf;
641 ssize_t ret;
642 i64 total;
643
644 total = 0;
645 while (len > 0) {
646 if (BITS32)
647 ret = MIN(len, one_g);
648 else
649 ret = len;
650 ret = put_fdout(control, offset_buf, (size_t)ret);
from lrzip.
Related Issues (20)
- How to read the output HOT 1
- lrzip -t file.lrz fails when run from write-protected dir
- Streaming issue "No space left on device" in lrzip 0.651 HOT 1
- "Warning, low memory for chosen compression settings" for small target files HOT 12
- lrzip 0.651 test issue HOT 3
- 41e8014 Add a -Q/--very-quiet option: Suppresses INFO. It shouldn't
- memory error in fill_buffer lrzip/stream.c HOT 1
- ZPAQ Segfault with incompressible blocks
- lrztar shows spurious "illegal option" with long options HOT 4
- heap-buffer-overflow in libzpaq/libzpaq.cpp:1208:25 libzpaq::PostProcessor::write(int) HOT 3
- Issue with -p or --threads HOT 12
- Incomplete fix of Issue #206 makes use-after-free still possible HOT 4
- "Unable to allocate enough memory for operation" on x86 when 10 threads are used. HOT 1
- Unable to stat file error on broken symlinks HOT 2
- Suggestion to support encrypted Stdin/Stdout when password provided on command line
- CPU detection does not account for CPU affinity HOT 8
- autoconf generates warnings on deprecated macros
- autoreconf: not found
- Makefile.am:34: error: Libtool library used but 'LIBTOOL' is undefined HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from lrzip.