nice work so far 👍, looks very promising.
==4659==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000013b28e0 at pc 0x0000004f989c bp 0x7fffd1c70a10 sp 0x7fffd1c70a08
READ of size 4 at 0x0000013b28e0 thread T0
#0 0x4f989b in load32_le /home/daniel/code/git/mirror/libhydrogen/impl/common.h:82:5
#1 0x4f989b in hydro_stream_chacha20_xor /home/daniel/code/git/mirror/libhydrogen/impl/stream.h:90
#2 0x4f8c43 in randombytes_random /home/daniel/code/git/mirror/libhydrogen/impl/random.h:195:9
#3 0x4f9964 in randombytes_buf /home/daniel/code/git/mirror/libhydrogen/impl/random.h:228:13
#4 0x4f5f1f in test_core /home/daniel/code/git/mirror/libhydrogen/tests/tests.c:156:5
#5 0x4f5f1f in main /home/daniel/code/git/mirror/libhydrogen/tests/tests.c:280
#6 0x7fa3d74862b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
#7 0x41c8c9 in _start (/home/daniel/code/git/mirror/libhydrogen/build/tests/tests+0x41c8c9)
0x0000013b28e0 is located 32 bytes to the left of global variable 'hydro_random_initialized' defined in '/home/daniel/code/git/mirror/libhydrogen/hydrogen.c' (0x13b2900) of size 1
0x0000013b28e0 is located 0 bytes to the right of global variable 'hydro_random_key' defined in '/home/daniel/code/git/mirror/libhydrogen/impl/random.h:1:16' (0x13b28c0) of size 32
SUMMARY: AddressSanitizer: global-buffer-overflow /home/daniel/code/git/mirror/libhydrogen/impl/common.h:82:5 in load32_le
Shadow bytes around the buggy address:
0x00008026e4c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x00008026e4d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x00008026e4e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x00008026e4f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x00008026e500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x00008026e510: 00 04 f9 f9 f9 f9 f9 f9 00 00 00 00[f9]f9 f9 f9
0x00008026e520: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
0x00008026e530: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x00008026e540: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x00008026e550: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x00008026e560: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==4659==ABORTING
==4725==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f5f318030e0 at pc 0x0000004f988c bp 0x7ffde857ae10 sp 0x7ffde857ae08
READ of size 4 at 0x7f5f318030e0 thread T0
#0 0x4f988b in load32_le /home/daniel/code/git/mirror/libhydrogen/impl/common.h:82:5
#1 0x4f988b in hydro_stream_chacha20_xor /home/daniel/code/git/mirror/libhydrogen/impl/stream.h:90
#2 0x4f60c1 in test_hash /home/daniel/code/git/mirror/libhydrogen/tests/tests.c:73:5
#3 0x4f60c1 in main /home/daniel/code/git/mirror/libhydrogen/tests/tests.c:281
#4 0x7f5f345dc2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
#5 0x41c8c9 in _start (/home/daniel/code/git/mirror/libhydrogen/build/tests/tests+0x41c8c9)
Address 0x7f5f318030e0 is located in stack of thread T0 at offset 12512 in frame
#0 0x4f5b0f in main /home/daniel/code/git/mirror/libhydrogen/tests/tests.c:274
This frame has 26 object(s):
[32, 532) 'msg.i53'
[608, 672) 'sig.i'
[704, 848) 'st.i54'
[912, 976) 'kp.i'
[1008, 1033) 'm.i'
[1072, 1097) 'm2.i'
[1136, 1197) 'c.i'
[1232, 11232) 'tmp.i'
[11488, 11520) 'subkey3.i'
[11552, 11602) 'subkey4.i'
[11648, 11681) 'subkey2_hex.i'
[11728, 11793) 'subkey3_hex.i'
[11840, 11941) 'subkey4_hex.i'
[11984, 12032) 'st.i6'
[12064, 12080) 'h.i'
[12096, 12112) 'key.i8'
[12128, 12161) 'hex.i10'
[12208, 12352) 'st.i'
[12416, 12448) 'dk.i'
[12480, 12512) 'key.i' <== Memory access at offset 12512 overflows this variable
[12544, 13544) 'msg.i'
[13680, 13780) 'x.i'
[13824, 13924) 'y.i'
[13968, 13973) 'a.i'
[14000, 14005) 'b.i'
[14032, 14233) 'hex.i'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /home/daniel/code/git/mirror/libhydrogen/impl/common.h:82:5 in load32_le
Shadow bytes around the buggy address:
0x0fec662f85c0: 00 00 01 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00
0x0fec662f85d0: 00 00 00 00 05 f2 f2 f2 f2 f2 00 00 00 00 00 00
0x0fec662f85e0: f2 f2 f2 f2 00 00 f2 f2 00 00 f2 f2 00 00 00 00
0x0fec662f85f0: 01 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
0x0fec662f8600: 00 00 00 00 00 00 00 00 f2 f2 f2 f2 f2 f2 f2 f2
=>0x0fec662f8610: 00 00 00 00 f2 f2 f2 f2 00 00 00 00[f2]f2 f2 f2
0x0fec662f8620: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fec662f8630: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fec662f8640: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fec662f8650: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fec662f8660: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==4725==ABORTING