Use of uninitialized memory bug #239

Open
anon767 opened this issue Jan 16, 2023 · 1 comment
anon767 commented Jan 16, 2023

Hi,
During a static analyzer verification I found the following bug using MSAN and a fuzzer:

Uninitialized bytes in __interceptor_write at offset 0 inside [0x70e000000000, 219)
==2293981==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x55ab1f01dee9 in put_fdout /src/stream.c:608:10
    #1 0x55ab1f01ef9b in write_1g /src/stream.c:650:9
    #2 0x55ab1f017698 in unzip_literal /src/runzip.c:168:6
    #3 0x55ab1f017698 in runzip_chunk /src/runzip.c:325:9
    #4 0x55ab1f017698 in runzip_fd /src/runzip.c:387:7
    #5 0x55ab1effc895 in decompress_file /src/lrzip.c:951:6
    #6 0x55ab1eff0efc in main /src/main.c:720:4
    #7 0x7f9a8b276d8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) (BuildId: 69389d485a9793dbe873f0ea2c93e02efaa9aa3d)
    #8 0x7f9a8b276e3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f) (BuildId: 69389d485a9793dbe873f0ea2c93e02efaa9aa3d)
    #9 0x55ab1ef63634 in _start (/src/lrzip+0x22634) (BuildId: 6810fc07e3b025b95f3b30dc8f7bd92fdf2d5317)

SUMMARY: MemorySanitizer: use-of-uninitialized-value /src/stream.c:608:10 in put_fdout
Exiting
@anon767 anon767 changed the title Use of initialized memory bug Use of uninitialized memory bug Jan 16, 2023
@pete4abw (Contributor)

> Hi, During a static analyzer verification I found the following bug using MSAN and a fuzzer:
>
> Uninitialized bytes in __interceptor_write at offset 0 inside [0x70e000000000, 219)
> ==2293981==WARNING: MemorySanitizer: use-of-uninitialized-value
>     #0 0x55ab1f01dee9 in put_fdout /src/stream.c:608:10
>     #1 0x55ab1f01ef9b in write_1g /src/stream.c:650:9
>     #2 0x55ab1f017698 in unzip_literal /src/runzip.c:168:6
>     #3 0x55ab1f017698 in runzip_chunk /src/runzip.c:325:9
>     #4 0x55ab1f017698 in runzip_fd /src/runzip.c:387:7
>     #5 0x55ab1effc895 in decompress_file /src/lrzip.c:951:6
>     #6 0x55ab1eff0efc in main /src/main.c:720:4
>     #7 0x7f9a8b276d8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) (BuildId: 69389d485a9793dbe873f0ea2c93e02efaa9aa3d)
>     #8 0x7f9a8b276e3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f) (BuildId: 69389d485a9793dbe873f0ea2c93e02efaa9aa3d)
>     #9 0x55ab1ef63634 in _start (/src/lrzip+0x22634) (BuildId: 6810fc07e3b025b95f3b30dc8f7bd92fdf2d5317)
>
> SUMMARY: MemorySanitizer: use-of-uninitialized-value /src/stream.c:608:10 in put_fdout
> Exiting

I do not see the error. ret is set right above the call to put_fdout. I am NOT sure that the (size_t) is correct since ret is already declared as ssize_t and put_fdout expects the same in its argument list. But ret is not uninitialized.

605 ssize_t put_fdout(rzip_control *control, void *offset_buf, ssize_t ret)

638 ssize_t write_1g(rzip_control *control, void *buf, i64 len)
639 {
640         uchar *offset_buf = buf;
641         ssize_t ret;
642         i64 total;
643
644         total = 0;
645         while (len > 0) {
646                 if (BITS32)
647                         ret = MIN(len, one_g);
648                 else
649                         ret = len;
650                 ret = put_fdout(control, offset_buf, (size_t)ret);
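As an added illustration (not lrzip code and not from either participant), the C model below shows what the first line of the MSAN report refers to: `Uninitialized bytes in __interceptor_write at offset 0 inside [addr, 219)` is emitted by the sanitizer's `write()` interceptor after scanning the 219 bytes at the buffer pointer, and the offset is the first uninitialized byte in that range, so the finding concerns the contents of the buffer being written rather than the length value, which MSAN does not flag. The decoder stand-in, the buffer size and the `/dev/null` target are assumptions made for the example.

```c
/* Added example, not lrzip code: models the check MemorySanitizer's
 * write() interceptor performs, to show what "Uninitialized bytes in
 * __interceptor_write at offset N" refers to: the buffer's bytes, not len. */
#include <fcntl.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>

#define BUF_CAP 256

static unsigned char buf[BUF_CAP];    /* constructed output buffer      */
static unsigned char shadow[BUF_CAP]; /* 1 = byte written since "alloc" */

/* Hypothetical stand-in for a decoder step: produces n bytes of a
 * constructed pattern and marks them initialized; bytes past n stay
 * poisoned, as freshly allocated memory would be. */
static size_t decode_literal(size_t n) {
    if (n > BUF_CAP) n = BUF_CAP;
    memset(shadow, 0, sizeof shadow);
    for (size_t i = 0; i < n; i++) {
        buf[i] = (unsigned char)('A' + i % 26);
        shadow[i] = 1;
    }
    return n;
}

/* What MSAN checks before letting write(fd, buf, len) run: the len
 * bytes about to leave the process. Returns the offset of the first
 * uninitialized byte, or -1 if the whole range is initialized. The
 * len value itself is fully initialized in every case. */
static long first_uninit_offset(size_t len) {
    if (len > BUF_CAP) len = BUF_CAP;
    for (size_t i = 0; i < len; i++)
        if (!shadow[i]) return (long)i;
    return -1;
}

/* Hardened flush: a header claiming more output than the decoder
 * produced is treated as corrupt input instead of being written, so no
 * poisoned byte reaches write(). Returns bytes written (to /dev/null
 * here) or -1 on mismatch or I/O failure. */
static long flush_literal(size_t claimed_len, size_t produced) {
    if (claimed_len != produced) return -1;
    int fd = open("/dev/null", O_WRONLY);
    if (fd < 0) return -1;
    ssize_t w = write(fd, buf, produced);
    close(fd);
    return (long)w;
}
```

With 100 bytes decoded and a 219-byte write requested, the model reports offset 100; with nothing decoded it reports offset 0, the shape of the trace above.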
