Build: Temporarily disable CRC CLMUL to silence OSS Fuzz

The code makes aligned 16-byte reads which may read up to 15 bytes before the beginning or past the end of the buffer if the buffer is misaligned. The unneeded bytes are then ignored. It cannot cross page boundaries and thus cannot cause access violations. This inherently trips address sanitizer which was already disabled with __attribute__((__no_sanitize_address__)). However, it also trips memory sanitizer if the extra bytes are uninitialized because memory sanitizer doesn't see that those bytes then get ignored by byte shuffling in the xmm registers. The plan is to change the code so that all sanitizers pass but it's not finished yet (performance shouldn't get worse) so as a temporary measure to keep OSS Fuzz happy, the CLMUL CRC is now disabled even though I think think the code is fine to use (and easy enough to review the memory accesses in it too).
tukaani-project · May 15, 2024 · 9f1a6d6 · 9f1a6d6
1 parent 142e670
commit 9f1a6d6
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/configure.ac b/configure.ac
@@ -373,10 +373,12 @@ AM_CONDITIONAL(COND_ASM_X86, test "x$enable_assembler" = xx86)
 # CLMUL CRC #
 #############
 
+# FIXME: Turn it back on by default once the code has been revised
+# to not cause false alarms in sanitizers and thus in OSS Fuzz.
 AC_ARG_ENABLE([clmul-crc], AS_HELP_STRING([--disable-clmul-crc],
 		[Do not use carryless multiplication for CRC calculation
 		even if support for it is detected.]),
-	[], [enable_clmul_crc=yes])
+	[], [enable_clmul_crc=no])
 
 
 ############################