Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invalid memory access in lz5 v2.0(lz5_compress) #18

Open
kky0h opened this issue Sep 7, 2018 · 1 comment
Open

Invalid memory access in lz5 v2.0(lz5_compress) #18

kky0h opened this issue Sep 7, 2018 · 1 comment

Comments

@kky0h
Copy link

kky0h commented Sep 7, 2018
edited

Hello.

I found a invalid memory access in LZ5 v2.0.

Please confirm.

Thanks.

Summary
OS: ubuntu-14.04-64bit
version: Lz5 2.0
POC Download: invalid memory access
test code: examples/blockStreaming_lineByLine.c,compile with ASan.

details:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==181087==ERROR: AddressSanitizer: SEGV on unknown address 0x7f920ce206be (pc 0x7f914d4092c0 bp 0x7ffeaa32fd10 sp 0x7ffeaa32f4b8 T0)
==181087==The signal is caused by a READ memory access.
    #0 0x7f914d4092bf  /build/eglibc-ripdx6/eglibc-2.19/string/../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S:2714
    #1 0x4b9852 in __asan_memcpy /local/mnt/workspace/clang_nightly/plain/llvm/utils/release/final/llvm.src/projects/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cc:23:3
    #2 0x5eea7f in MEM_read32 /home/yangq/testapp/lizard-2.0/examples/../lib/entropy/mem.h:173:14
    #3 0x52350e in LZ5_compress_fastSmall /home/yangq/testapp/lizard-2.0/examples/../lib/lz5_parser_fastsmall.h:94:25
    #4 0x52350e in LZ5_compress_generic /home/yangq/testapp/lizard-2.0/examples/../lib/lz5_compress.c:513
    #5 0x52350e in LZ5_compress_continue /home/yangq/testapp/lizard-2.0/examples/../lib/lz5_compress.c:586
    #6 0x5f0cad in test_compress /home/yangq/testapp/lizard-2.0/examples/blockStreaming_lineByLine.c:67:34
    #7 0x5f098b in main /home/yangq/testapp/lizard-2.0/examples/blockStreaming_lineByLine.c:177:9
    #8 0x7f914d2d4f44 in __libc_start_main /build/eglibc-ripdx6/eglibc-2.19/csu/libc-start.c:287
    #9 0x419eeb in _start (/home/yangq/testapp/lizard-2.0/examples/lineCompress_asan+0x419eeb)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /build/eglibc-ripdx6/eglibc-2.19/string/../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S:2714 
==181087==ABORTING

It seems 'match' or 'base' (lz5_parse_fastsmall.h:90) access invalid memory in some cases.
It may cause a crash or denial of service.
@kky0h kky0h changed the title NULL pointer dereference in lz5 v2.0(lz5_compress) Invalid memory access in lz5 v2.0(lz5_compress) Sep 13, 2018
@inikep
Copy link
Owner

inikep commented Oct 4, 2018
edited

Thanks for reporting. I tried to reproduce your issue with the latest Lizard 1.0 at 02491c7.
I used gcc-8 with UBSan and ASan and it found no issues.

Please try the latest commit. If you will find an issue please also report your gcc/clang version and used parameters. My options were: gcc-8 -O2 -g -fsanitize=undefined -fsanitize=address -std=gnu99 -Wall -Wextra -Wundef -Wshadow -Wcast-align -Wstrict-prototypes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@inikep @kky0h