Hey there, I have come across some integer behaviour runtime issues in commit 50e2bf7.
The shift operations left-shift an integer outside the number of bits supported by the data type, which is undefined behaviour in C according to ISO C99.
The unsigned integer overflow could cause undefined behaviour in the runtime of the software.
To replicate, I compiled the git repo with: `CC=clang CXX=clang++ CFLAGS='-fsanitize=address,undefined -g -O2 -fPIC -DSWF_LITTLE_ENDIAN' CXXFLAGS=$CFLAGS ./configure; make`
The issues reported by UBSan are as follows:
- read.c:71:11: runtime error: left shift of 310079501 by 8 places cannot be represented in type 'int'
- read.c:90:11: runtime error: left shift of 2032175751 by 5 places cannot be represented in type 'int'
- read.c:111:20: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
- read.c:111:16: runtime error: signed integer overflow: 1293434706 - -2147483648 cannot be represented in type 'int'
I have attached the output of UBSan and the POC file that triggers all 4 of the above bugs.
Title history:
- Apr 13, 2018, glen-mac changed the title from "Multiple Integer misbehaviours (shift, unsigned overflow) in read.c" to "Multiple integer misbehaviours (excessive shift, unsigned overflow) in read.c"
- Apr 13, 2018, glen-mac changed the title from "Multiple integer misbehaviours (excessive shift, unsigned overflow) in read.c" to "Multiple integer misbehaviours (excessive shift, unsigned overflow) in readBits/readSBits of util/read.c"
- May 24, 2018, glen-mac changed the title from "Multiple integer misbehaviours (excessive shift, unsigned overflow) in readBits/readSBits of util/read.c" to "Multiple integer misbehaviours (excessive shift, signed integer overflow) in readBits/readSBits of util/read.c"
Attachments:
- output.txt
- crash_case.zip
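As an added example (not code from this issue or from the project's util/read.c), the following shows how a bit reader of the readBits/readSBits shape can be written so that none of the four UBSan findings above can occur: every shift is performed on `uint32_t`, the bit count is range-checked so the shift amount never reaches 32, and the sign extension is done in 64-bit arithmetic instead of evaluating `1 << (n-1)` and `num - (1 << n)` on `int`. The `BitReader` struct, the `readBitsSafe`/`readSBitsSafe` names, the in-memory buffer and the sample bytes are all assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical in-memory bit reader (constructed for this example; the
 * project's own reader works on a FILE*, so the shape is only an assumption). */
typedef struct {
    const uint8_t *data;
    size_t len;
    size_t pos;       /* next byte to load from data */
    uint32_t buffer;  /* most recently loaded byte, right-aligned */
    int bufbits;      /* number of not-yet-consumed bits in buffer (0..8) */
} BitReader;

void br_init(BitReader *br, const uint8_t *data, size_t len)
{
    br->data = data;
    br->len = len;
    br->pos = 0;
    br->buffer = 0;
    br->bufbits = 0;
}

/* Read n bits (0..32) MSB-first as an unsigned value.
 * Returns 0 on success, -1 on an invalid n or truncated input.
 * All shifts are on uint32_t and the shift amount is always 0..8, so the
 * "left shift ... cannot be represented in type 'int'" case cannot arise. */
int readBitsSafe(BitReader *br, int n, uint32_t *out)
{
    if (n < 0 || n > 32)
        return -1;                      /* reject instead of shifting by >= width */
    uint32_t ret = 0;
    int need = n;
    while (need > 0) {
        if (br->bufbits == 0) {
            if (br->pos >= br->len)
                return -1;              /* input ran out: fail, do not read past end */
            br->buffer = br->data[br->pos++];
            br->bufbits = 8;
        }
        int take = need < br->bufbits ? need : br->bufbits;   /* 1..8 */
        uint32_t chunk = (br->buffer >> (br->bufbits - take)) & ((1u << take) - 1u);
        ret = (ret << take) | chunk;    /* total bits never exceed 32 */
        br->bufbits -= take;
        need -= take;
    }
    *out = ret;
    return 0;
}

/* Read n bits (1..32) as a two's-complement signed value.
 * Sign extension uses int64_t so neither 1 << 31 nor the subtraction can
 * overflow; the result is then known to fit in int32_t. */
int readSBitsSafe(BitReader *br, int n, int32_t *out)
{
    uint32_t raw;
    if (n < 1 || n > 32)
        return -1;
    if (readBitsSafe(br, n, &raw) != 0)
        return -1;
    int64_t v = (int64_t)raw;
    if (n < 32 ? (raw >> (n - 1)) & 1u : (raw >> 31) & 1u)
        v -= (int64_t)1 << n;           /* n <= 32, well within int64_t */
    *out = (int32_t)v;                  /* v is in [-2^31, 2^31 - 1] */
    return 0;
}

int main(void)
{
    /* Constructed sample: 0xFFFFFFFF followed by 0x80. */
    const uint8_t sample[] = {0xFF, 0xFF, 0xFF, 0xFF, 0x80};
    BitReader br;
    int32_t s;
    br_init(&br, sample, sizeof sample);
    if (readSBitsSafe(&br, 32, &s) == 0)
        printf("32-bit signed field: %d\n", s);   /* -1, no overflow */
    if (readSBitsSafe(&br, 4, &s) == 0)
        printf("4-bit signed field: %d\n", s);    /* -8 */
    if (readBitsSafe(&br, 33, (uint32_t *)&s) != 0)
        printf("n=33 rejected instead of shifting out of range\n");
    return 0;
}
```

The two defensive choices worth carrying into any fix are the explicit bound on `n` (a width-or-larger shift is undefined whatever the operand type) and keeping the intermediate value unsigned; the signed interpretation is produced once, at the end, in a type wide enough to hold both `1 << n` and the subtraction.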