Fix block_open handling in deflate_quick() #880
Conversation
The attached test fails with "inflate() failed", because the deflate stream that it produces ends up being corrupted. Bisect points to the commit e7bb6db ("Replace hash_bits, hash_size and hash_mask with defines."), but it's most likely a coincidence. In any case, the reason is that if we happen to simultaneously exhaust all the buffers (in, out and bi), we return finish_started without writing the end of block symbol, which will never happen afterwards. Fix by adding another check to the tricky condition: if we are in the middle of a block, return need_more instead of finish_started.
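As an added illustration (not zlib-ng code and not the attached test), the following Python model replays the scenario in the description: a toy block function with the three resources named there (in, out and the bit buffer bi), a `fixed` switch that applies the PR's block_open check, and a matching decoder that reports a stream whose end-of-block symbol is missing. It assumes fixed 9-bit literal symbols plus a 9-bit EOB, so eight input bytes with nine bytes of output space exhaust all three buffers at the same moment; the names QuickState, compress and inflate_block are the example's own.

```python
NEED_MORE, FINISH_STARTED = "need_more", "finish_started"
EOB = 256  # end-of-block symbol, distinct from every literal byte
class QuickState:
    def __init__(self):
        self.bi_buf = self.bi_valid = self.avail_out = self.block_open = 0
        self.pending, self.out = bytearray(), bytearray()  # like pending_buf / next_out
    def send_bits(self, value, length):        # into the bit buffer (bi)
        self.bi_buf |= value << self.bi_valid
        self.bi_valid += length
        while self.bi_valid >= 8:              # move whole bytes to pending
            self.pending.append(self.bi_buf & 0xFF)
            self.bi_buf >>= 8
            self.bi_valid -= 8
    def flush_pending(self):                   # pending -> caller's output buffer
        n = min(self.avail_out, len(self.pending))
        self.out += self.pending[:n]
        del self.pending[:n]
        self.avail_out -= n

def deflate_quick(s, inp, fixed):              # one call, flush == Z_FINISH
    while True:
        s.flush_pending()
        if s.avail_out == 0:                   # out exhausted: what do we report?
            # The PR adds the block_open check: with in, out and bi all empty at
            # once the naive test says "finished" although EOB is still owed.
            done = not inp and s.bi_valid == 0 and (not fixed or not s.block_open)
            return FINISH_STARTED if done else NEED_MORE
        if not inp:
            break
        s.block_open = 1                       # real code emits the block header here
        s.send_bits(inp.pop(0), 9)             # 9-bit literal
    if s.block_open:                           # close the block with EOB
        s.send_bits(EOB, 9)
        s.block_open = 0
    s.send_bits(0, (8 - s.bi_valid) % 8)       # pad to a byte boundary
    s.flush_pending()
    return FINISH_STARTED
def compress(data, avail_out, fixed):
    s, inp, state = QuickState(), bytearray(data), NEED_MORE
    while state == NEED_MORE:
        s.avail_out = avail_out                # caller supplies fresh output space
        state = deflate_quick(s, inp, fixed)
    s.avail_out = len(s.pending)               # deflate() now only drains pending;
    s.flush_pending()                          # it never calls the block function again
    return bytes(s.out)
def inflate_block(stream):                     # None: stream ended without EOB
    bits, pos, out = int.from_bytes(stream, "little"), 0, bytearray()
    while pos + 9 <= 8 * len(stream):
        sym, pos = (bits >> pos) & 0x1FF, pos + 9
        if sym == EOB:
            return bytes(out)
        out.append(sym)
```

With nine bytes of output space the unfixed policy returns finish_started before EOB is written and the decoder rejects the stream, while the fixed policy returns need_more and the next call closes the block.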
Codecov Report
@@ Coverage Diff @@
## develop #880 +/- ##
===========================================
- Coverage 75.56% 75.43% -0.13%
===========================================
Files 72 73 +1
Lines 8172 8220 +48
Branches 1349 1359 +10
===========================================
+ Hits 6175 6201 +26
- Misses 1480 1494 +14
- Partials 517 525 +8
@iii-i Great work on finding this, I'll release a hotfix for this. Do you have a scripted fuzzing setup that finds these? If so, is it something you can/want to share?
Yeah, that's essentially 08274c7 + some new modifications. I should probably open source the full repo where I develop this, and then we can think whether it would make sense to integrate this into zlib-ng.
@iii-i That looks nice indeed, but as I said I have no experience with fuzzing, so I would not know how to build or run that thing 😄 Getting it into zlib-ng/zlib-ng or perhaps better, a separate zlib-ng/fuzzing (or similar) repo would be great, and would make it easier for everyone to contribute both code and testing.
I am getting these compiler warnings now on
Weird that clang and/or gcc didn't catch it. There indeed are a few casts missing in this test. I'll send a PR tomorrow.
Add casts in order to fix the following warnings [1]:

C:\Users\Nathan\Source\zlib-ng\test\deflate_quick_block_open.c(62,69): warning C4244: '=': conversion from '__int64' to 'uint32_t', possible loss of data [C:\Users\Nathan\Source\zlib-ng\deflate_quick_block_open.vcxproj]
C:\Users\Nathan\Source\zlib-ng\test\deflate_quick_block_open.c(73,1): warning C4244: 'initializing': conversion from '__int64' to 'uint32_t', possible loss of data [C:\Users\Nathan\Source\zlib-ng\deflate_quick_block_open.vcxproj]

[1] zlib-ng#880 (comment)
While tracking down #869, I stumbled upon another deflate_quick issue :-(