grpc icon indicating copy to clipboard operation
grpc copied to clipboard
verified publisher icon grpc

Undefined behavior in BoringSSL-GRPC

Open vmilea opened this issue 3 years ago • 0 comments

What version of gRPC and what language are you using?

gRPC-Core 1.49, Objective-C

What operating system (Linux, Windows,...) and version?

iOS 15

What runtime / compiler are you using (e.g. python version or version of gcc)

Apple clang version 14.0.0 (clang-1400.0.29.102)

What did you do?

Tried using GRPC with Clang's Undefined Behavior Sanitizer enabled.

What did you expect to see?

No undefined behavior.

What did you see instead?

Undefined behavior in BoringSSL-GRPC: "Applying zero offset to null pointer" in CRYPTO_poly1305_update().

Anything else we should know about your project / environment?

This bug is already fixed upstream, see https://bugs.chromium.org/p/boringssl/issues/detail?id=523. However, the BoringSSL-GRPC.podspec references an old commit from 2021. Please update to a newer version of BoringSSL.

vmilea avatar Oct 12 '22 18:10 vmilea