lizard icon indicating copy to clipboard operation
lizard copied to clipboard

Published 20 hours ago verified publisher icon inikep

Invalid memory access in lz5 v2.0(lz5_compress)

Open kky0h opened this issue 7 years ago • 1 comments

Hello.

I found a invalid memory access in LZ5 v2.0.

Please confirm.

Thanks.

Summary OS: ubuntu-14.04-64bit version: Lz5 2.0 POC Download: invalid memory access test code: examples/blockStreaming_lineByLine.c,compile with ASan.

details:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==181087==ERROR: AddressSanitizer: SEGV on unknown address 0x7f920ce206be (pc 0x7f914d4092c0 bp 0x7ffeaa32fd10 sp 0x7ffeaa32f4b8 T0)
==181087==The signal is caused by a READ memory access.
    #0 0x7f914d4092bf  /build/eglibc-ripdx6/eglibc-2.19/string/../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S:2714
    #1 0x4b9852 in __asan_memcpy /local/mnt/workspace/clang_nightly/plain/llvm/utils/release/final/llvm.src/projects/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cc:23:3
    #2 0x5eea7f in MEM_read32 /home/yangq/testapp/lizard-2.0/examples/../lib/entropy/mem.h:173:14
    #3 0x52350e in LZ5_compress_fastSmall /home/yangq/testapp/lizard-2.0/examples/../lib/lz5_parser_fastsmall.h:94:25
    #4 0x52350e in LZ5_compress_generic /home/yangq/testapp/lizard-2.0/examples/../lib/lz5_compress.c:513
    #5 0x52350e in LZ5_compress_continue /home/yangq/testapp/lizard-2.0/examples/../lib/lz5_compress.c:586
    #6 0x5f0cad in test_compress /home/yangq/testapp/lizard-2.0/examples/blockStreaming_lineByLine.c:67:34
    #7 0x5f098b in main /home/yangq/testapp/lizard-2.0/examples/blockStreaming_lineByLine.c:177:9
    #8 0x7f914d2d4f44 in __libc_start_main /build/eglibc-ripdx6/eglibc-2.19/csu/libc-start.c:287
    #9 0x419eeb in _start (/home/yangq/testapp/lizard-2.0/examples/lineCompress_asan+0x419eeb)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /build/eglibc-ripdx6/eglibc-2.19/string/../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S:2714 
==181087==ABORTING

It seems 'match' or 'base' (lz5_parse_fastsmall.h:90) access invalid memory in some cases. It may cause a crash or denial of service.

kky0h avatar Sep 07 '18 07:09 kky0h

Thanks for reporting. I tried to reproduce your issue with the latest Lizard 1.0 at https://github.com/inikep/lizard/commit/02491c71c2e6fd5c10997404df2f18d0fc7afadb. I used gcc-8 with UBSan and ASan and it found no issues.

Please try the latest commit. If you will find an issue please also report your gcc/clang version and used parameters. My options were: gcc-8 -O2 -g -fsanitize=undefined -fsanitize=address -std=gnu99 -Wall -Wextra -Wundef -Wshadow -Wcast-align -Wstrict-prototypes

inikep avatar Oct 04 '18 08:10 inikep