jrmuizel / miniz

Automatically exported from code.google.com/p/miniz

Unsigned integer overflow #10

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Compiling with clang++ and the `-fsanitize=unsigned-integer-overflow` flag (http://clang.llvm.org/docs/UsersManual.html) exposes a few unsigned overflow issues:

../src/miniz.c:1929:7: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'mz_uint' (aka 'unsigned int')
../src/miniz.c:964:35: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'size_t' (aka 'unsigned long')

Originally described at https://github.com/developmentseed/node-blend/issues/27

Original issue reported on code.google.com by d...@dbsgeo.com on 8 Jan 2013 at 2:04

GoogleCodeExporter commented 9 years ago
line 1929 is `TDEFL_RLE_ZERO_CODE_SIZE` and 964 is:

```c
crcu32 = ~crcu32;
while (buf_len--) {
    mz_uint8 b = *ptr++;
    crcu32 = (crcu32 >> 4) ^ s_crc32[(crcu32 & 0xF) ^ (b & 0xF)];
    crcu32 = (crcu32 >> 4) ^ s_crc32[(crcu32 & 0xF) ^ (b >> 4)];
}
```

Original comment by d...@dbsgeo.com on 8 Jan 2013 at 2:06
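The wrap the sanitizer flags at line 964 comes from the `while (buf_len--)` idiom itself: the last test evaluates `buf_len` as 0 and then stores 0 - 1. The added example below (not miniz's code and not from the issue thread; `crc32_postdec`, `crc32_nowrap` and `count_after_postdec_loop` are names chosen here, and the 16-entry table is generated from the reflected polynomial 0xEDB88320 rather than copied from miniz) runs the quoted CRC loop as written beside a form that tests the counter before decrementing, so both produce the same CRC while only the first wraps the counter.

```c
#include <stddef.h>
#include <stdint.h>

/* Nibble-at-a-time CRC-32 table for the reflected polynomial 0xEDB88320,
   generated on first use; these are the 16 values miniz keeps in s_crc32. */
static uint32_t s_crc32[16];

static void crc32_init_table(void) {
    static int ready;
    if (ready) return;
    for (uint32_t n = 0; n < 16; n++) {
        uint32_t c = n;
        for (int k = 0; k < 4; k++) c = (c & 1) ? (c >> 1) ^ 0xEDB88320u : c >> 1;
        s_crc32[n] = c;
    }
    ready = 1;
}

/* Loop shape quoted from miniz.c:964. `while (buf_len--)` tests the old value
   and then decrements, so on the final test buf_len is 0 and the decrement
   computes 0 - 1: the SIZE_MAX wrap the sanitizer reports. The CRC is still
   correct; only the counter's end value is surprising. */
static uint32_t crc32_postdec(uint32_t crcu32, const uint8_t *ptr, size_t buf_len) {
    crc32_init_table();
    crcu32 = ~crcu32;
    while (buf_len--) {
        uint8_t b = *ptr++;
        crcu32 = (crcu32 >> 4) ^ s_crc32[(crcu32 & 0xF) ^ (b & 0xF)];
        crcu32 = (crcu32 >> 4) ^ s_crc32[(crcu32 & 0xF) ^ (b >> 4)];
    }
    return ~crcu32;
}

/* Same arithmetic with the counter tested before it is decremented, so it
   stops at exactly 0 and no unsigned wrap occurs. */
static uint32_t crc32_nowrap(uint32_t crcu32, const uint8_t *ptr, size_t buf_len) {
    crc32_init_table();
    crcu32 = ~crcu32;
    for (; buf_len != 0; --buf_len) {
        uint8_t b = *ptr++;
        crcu32 = (crcu32 >> 4) ^ s_crc32[(crcu32 & 0xF) ^ (b & 0xF)];
        crcu32 = (crcu32 >> 4) ^ s_crc32[(crcu32 & 0xF) ^ (b >> 4)];
    }
    return ~crcu32;
}

/* Just the counter: the value buf_len holds once `while (buf_len--)` exits. */
static size_t count_after_postdec_loop(size_t buf_len) {
    while (buf_len--) { }
    return buf_len; /* SIZE_MAX, even when buf_len started at 0 */
}
```

Feeding the constructed check string "123456789" to either function yields the standard CRC-32 value 0xCBF43926, while the counter left behind by the post-decrement loop is SIZE_MAX regardless of the starting length.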

GoogleCodeExporter commented 9 years ago
Thanks for the report! I'm compiling with v3.3 - I'll amp up the clang warnings 
(like I do at work) and see what comes out. I couldn't do this on the v1.15 
release, but I'll get to this in the next update.

Original comment by richge...@gmail.com on 13 Oct 2013 at 5:32

GoogleCodeExporter commented 9 years ago
Okay, thanks! I'll also add that I've been compiling miniz as cpp and to compile as cpp11 I needed this tiny tweak: https://github.com/mapnik/mapnik/commit/4ee91a4a25a79c380c5b6eb27cc2e7baf8739e75#diff-40ee208975f5b7bdf7ef7db21c732300

Original comment by d...@mapbox.com on 14 Oct 2013 at 6:47