Undefined behavior in AlignmentBuffer::fill_up_with_zeros #3734
Comments
Thanks! I'll look into it.

@randombit I'm quite sure we would have spotted this (even without a dedicated reproducer) in CI if we'd use the debug flags that @guidovranken is proposing. For gcc we even have it configured in the build system (as "iterator" sanitizer). But from a quick glance it is not enabled in the "sanitizers" CI job. I'll look into that next week.

I suggest also enabling it in the Botan OSS-Fuzz project. Use

Note that it's not about libc, but rather the C++ standard library used (libstdc++ or libc++). You can use either of these on glibc, musl, etc.
Referenced commit: Enable `-D_LIBCPP_DEBUG=1`

- Enable `-D_LIBCPP_DEBUG=1` to find bugs like randombit/botan#3734
- Compile wolfCrypt with AES EAX ciphermode
Set `CXXFLAGS` to `-D_GLIBCXX_DEBUG` (if you're using the GNU libc) or to `-D_LIBCPP_DEBUG=1` (if you're using the LLVM libc). Or set both if you're unsure. Then compile Botan and the reproducer below.

Output:

The reason is that `m_buffer` (which has 64 elements) is accessed at element 64: botan/src/lib/utils/alignment_buffer.h, line 80 in 30ecb87.

It is illegal to access a container with an out-of-bounds index, even if it isn't dereferenced.
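The pattern the issue describes, as an added illustration that is not Botan's code: a minimal 64-byte buffer (the class, `append` and the 64-byte block size are assumptions) whose zero-fill uses `begin()`/`end()` instead of forming `&m_buffer[64]`, so the full-buffer case stays defined under `-D_GLIBCXX_DEBUG` / `-D_LIBCPP_DEBUG=1`.

```cpp
// Added illustration, not Botan's code: a buffer in the spirit of
// AlignmentBuffer (64-byte block, m_buffer, m_position are assumptions).
#include <algorithm>
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstring>
template <size_t BLOCK_SIZE>
class ZeroFillBuffer {
 public:
  // Append up to the remaining capacity (constructed helper).
  void append(const uint8_t* in, size_t len) {
    const size_t n = std::min(len, BLOCK_SIZE - m_position);
    std::memcpy(m_buffer.data() + m_position, in, n);
    m_position += n;
  }
  // Buggy pattern: `&m_buffer[m_position]` violates operator[]'s
  // precondition (index < size) when m_position == BLOCK_SIZE, even though
  // nothing is dereferenced; the debug modes abort, a release build is silent.
  //   std::fill(&m_buffer[m_position], &m_buffer[BLOCK_SIZE], 0);
  //
  // Hardened form: begin()/end()/data() may legitimately yield a
  // one-past-the-end position, so a full buffer is a no-op, not UB.
  void fill_up_with_zeros() {
    std::fill(m_buffer.begin() + m_position, m_buffer.end(), uint8_t{0});
    m_position = BLOCK_SIZE;
  }
  size_t position() const { return m_position; }
  const std::array<uint8_t, BLOCK_SIZE>& bytes() const { return m_buffer; }
 private:
  std::array<uint8_t, BLOCK_SIZE> m_buffer{};
  size_t m_position = 0;
};
// True when zero-filling a full buffer leaves its contents untouched and
// a partially filled buffer gets zeros only after the existing data.
bool check_fill_behaviour() {
  std::array<uint8_t, 64> ones;
  ones.fill(1);
  ZeroFillBuffer<64> full;
  full.append(ones.data(), 64);
  full.fill_up_with_zeros();  // m_position == 64: the case from the issue
  bool ok = full.position() == 64 && full.bytes() == ones;
  ZeroFillBuffer<64> partial;
  partial.append(ones.data(), 10);
  partial.fill_up_with_zeros();
  for (size_t i = 0; i < 64; ++i) ok = ok && partial.bytes()[i] == (i < 10 ? 1 : 0);
  return ok;
}
```

Building with the debug flags above and calling the commented-out `std::fill` line on a full buffer is what produces the assertion the reporter saw; the `begin()`/`end()` form runs clean under the same flags.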