Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Invalid memory access in lz5 v2.0(lz5_compress) #18

Open
Kingkingyoung opened this issue Sep 7, 2018 · 1 comment

Comments

Projects
None yet
2 participants
@Kingkingyoung
Copy link

commented Sep 7, 2018

Hello.

I found a invalid memory access in LZ5 v2.0.

Please confirm.

Thanks.

Summary
OS: ubuntu-14.04-64bit
version: Lz5 2.0
POC Download: invalid memory access
test code: examples/blockStreaming_lineByLine.c,compile with ASan.

details:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==181087==ERROR: AddressSanitizer: SEGV on unknown address 0x7f920ce206be (pc 0x7f914d4092c0 bp 0x7ffeaa32fd10 sp 0x7ffeaa32f4b8 T0)
==181087==The signal is caused by a READ memory access.
    #0 0x7f914d4092bf  /build/eglibc-ripdx6/eglibc-2.19/string/../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S:2714
    #1 0x4b9852 in __asan_memcpy /local/mnt/workspace/clang_nightly/plain/llvm/utils/release/final/llvm.src/projects/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cc:23:3
    #2 0x5eea7f in MEM_read32 /home/yangq/testapp/lizard-2.0/examples/../lib/entropy/mem.h:173:14
    #3 0x52350e in LZ5_compress_fastSmall /home/yangq/testapp/lizard-2.0/examples/../lib/lz5_parser_fastsmall.h:94:25
    #4 0x52350e in LZ5_compress_generic /home/yangq/testapp/lizard-2.0/examples/../lib/lz5_compress.c:513
    #5 0x52350e in LZ5_compress_continue /home/yangq/testapp/lizard-2.0/examples/../lib/lz5_compress.c:586
    #6 0x5f0cad in test_compress /home/yangq/testapp/lizard-2.0/examples/blockStreaming_lineByLine.c:67:34
    #7 0x5f098b in main /home/yangq/testapp/lizard-2.0/examples/blockStreaming_lineByLine.c:177:9
    #8 0x7f914d2d4f44 in __libc_start_main /build/eglibc-ripdx6/eglibc-2.19/csu/libc-start.c:287
    #9 0x419eeb in _start (/home/yangq/testapp/lizard-2.0/examples/lineCompress_asan+0x419eeb)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /build/eglibc-ripdx6/eglibc-2.19/string/../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S:2714 
==181087==ABORTING

It seems 'match' or 'base' (lz5_parse_fastsmall.h:90) access invalid memory in some cases.
It may cause a crash or denial of service.

@Kingkingyoung Kingkingyoung changed the title NULL pointer dereference in lz5 v2.0(lz5_compress) Invalid memory access in lz5 v2.0(lz5_compress) Sep 13, 2018

@inikep

This comment has been minimized.

Copy link
Owner

commented Oct 4, 2018

Thanks for reporting. I tried to reproduce your issue with the latest Lizard 1.0 at 02491c7.
I used gcc-8 with UBSan and ASan and it found no issues.

Please try the latest commit. If you will find an issue please also report your gcc/clang version and used parameters. My options were: gcc-8 -O2 -g -fsanitize=undefined -fsanitize=address -std=gnu99 -Wall -Wextra -Wundef -Wshadow -Wcast-align -Wstrict-prototypes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.