numcodecs icon indicating copy to clipboard operation
numcodecs copied to clipboard
verified publisher icon zarr-developers

Poor handling of corrupted input by blosc decoder

Open risicle opened this issue 5 years ago • 0 comments

(Having first contacted the authors privately with this issue, they requested I post the issue here)

Minimal, reproducible code sample, a copy-pastable example if possible

from numcodecs.blosc import Blosc

with open("file/name", "rb") as f:
    Blosc().decode(f.read())

given one of the sample files from ris-00.tar.gz

Problem description

These inputs cause memory reads (often leading to crashes) outside their allocated buffer. These can be observed using a tool such as asan, valgrind or tcmalloc's "debug" mode. The files are separated into about eight groups, but it's possible all these issues stem from the same miscalculation somewhere.

Version and installation information

Please provide the following:

  • Numcodecs 0.6.4
  • Python 3.7
  • Linux x86_64
  • Nix package

risicle avatar Apr 18 '20 11:04 risicle