bug in upper_bound search

Open dvgrinberg opened this issue 2 years ago • 2 comments

  • State the operating system and version (Ubuntu 17 x86_64, Windows 7 Professional x64, etc): Windows 10
  • State the version of the Crypto++ library (Crypto++ 7.0, Master, etc): 5.6.2

There is a bug when doing an upper_bound search with distance equal to 0: https://github.com/weidai11/cryptopp/blob/0a7a16472643597b415f017b3e53f68168217542/zdeflate.cpp#L581 This expression results in (unsigned int)(0-1), and so a segfault happens later when trying to access distanceBases.

dvgrinberg, Jun 16 '22 13:06

Thanks @dvgrinberg.

Do you have a reproducer or suggested fix?

Maybe something like:

distanceCode = distance == 0 ? 0 : (upper_bound(distanceBases, distanceBases+30, distance) - distanceBases - 1);

noloader, Jun 16 '22 13:06

> Thanks @dvgrinberg.
>
> Do you have a reproducer or suggested fix?

I'm not really familiar with this library. Is it even appropriate to call this function with distance==0? Maybe the actual bug was before.

dvgrinberg, Jun 16 '22 13:06
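
The index computation discussed in this thread, as an added example that is not part of the thread or of Crypto++'s own code: it shows a distance of 0 wrapping the computed code to UINT_MAX, next to a hypothetical variant that rejects out-of-range distances before any table lookup. The table is the RFC 1951 distance-base table; the function names and the 1..32768 range check are assumptions of this example.

```cpp
#include <algorithm>
#include <climits>
#include <cstdio>

// DEFLATE distance bases for distance codes 0..29 (RFC 1951, section 3.2.5).
static const unsigned int kDistanceBases[30] = {
    1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, 257, 385, 513,
    769, 1025, 1537, 2049, 3073, 4097, 6145, 8193, 12289, 16385, 24577};

// Same shape as the expression in the report: no range check on distance.
// The result is only returned here, never used as a subscript, so this
// demonstration itself stays in bounds.
unsigned int unchecked_distance_code(unsigned int distance) {
    // For distance == 0, upper_bound returns the first element (1 > 0),
    // so the pointer difference is 0 and "0 - 1" wraps once cast to unsigned.
    return (unsigned int)(std::upper_bound(kDistanceBases, kDistanceBases + 30,
                                           distance) - kDistanceBases - 1);
}

// Hypothetical hardened variant (not the project's fix): DEFLATE match
// distances are 1..32768, so anything else is rejected instead of indexed.
bool checked_distance_code(unsigned int distance, unsigned int &code,
                           unsigned int &extra) {
    if (distance < 1 || distance > 32768)
        return false;
    code = unchecked_distance_code(distance);  // now guaranteed to be 0..29
    extra = distance - kDistanceBases[code];   // safe table access
    return true;
}

int main() {
    unsigned int code = 0, extra = 0;
    std::printf("unchecked, distance=0: code=%u\n", unchecked_distance_code(0));
    std::printf("checked, distance=0: accepted=%d\n",
                (int)checked_distance_code(0, code, extra));
    if (checked_distance_code(6, code, extra))
        std::printf("checked, distance=6: code=%u extra=%u\n", code, extra);
    return 0;
}
```
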