Closed marxin closed 2 years ago
Can be seen with:
```
$ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/home/marxin/bin/gcc/libexec/gcc/x86_64-pc-linux-gnu/12.0.1/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /home/marxin/Programming/gcc/configure --enable-languages=c,c++,fortran,jit --prefix=/home/marxin/bin/gcc --disable-multilib --enable-host-shared --disable-libsanitizer --enable-valgrind-annotations --disable-bootstrap
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 12.0.1 20220325 (experimental) (GCC)
$ gcc common.c -std=c99 -Wall -Wextra -pedantic -Wdouble-promotion -Wformat=2 -Winit-self -Wmissing-include-dirs -Wtrampolines -Wfloat-equal -Wshadow -Wmissing-prototypes -Wmissing-declarations -Wredundant-decls -Wnested-externs -Winline -Wno-variadic-macros -Wswitch-default -Wpadded -Wsync-nand -Wunsafe-loop-optimizations -Wcast-align -Wstrict-overflow -Wdeclaration-after-statement -Wundef -Wbad-function-cast -Wcast-qual -Wlogical-op -Wstrict-prototypes -Wold-style-definition -Wpacked -Wvector-operation-performance -Wunsuffixed-float-constants -Wsuggest-attribute=const -Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wsuggest-attribute=format -Wnormalized=nfkc -O2 -D_FORTIFY_SOURCE=3 -g sha3-224sum.c -lkeccak
$ ./a.out -c .testdir/sums-1
blksize=4096, size=4096, ptr=0
blksize=4096, size=4096, ptr=276
*** buffer overflow detected ***: terminated
Aborted (core dumped)
```
One can see it with the following debugging patch:
diff --git a/common.c b/common.c index dda8683..2b1143d 100644 --- a/common.c +++ b/common.c @@ -320,6 +320,7 @@ check_checksums(const char *restrict filename, const struct libkeccak_spec *rest if (ptr + blksize < size) buf = erealloc(buf, size <<= 1); + fprintf (stderr, "blksize=%ld, size=%ld, ptr=%ld\n", blksize, size, ptr); got = read(fd, buf + ptr, blksize); if (got < 0) eperror();
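Review bot: the guard `if (ptr + blksize < size)` in this hunk is reversed: it grows the buffer only when `ptr + blksize` is already smaller than the allocation, and in both printed states (size equal to blksize, ptr=0 and then ptr=276) that comparison is false, so the buffer is never grown and the following `read(fd, buf + ptr, blksize)` writes up to 4096 bytes into a 4096-byte allocation starting at offset 276. Suggest `if (ptr + blksize > size)` so the `erealloc` runs before the read that needs the room. Separately, the added `fprintf` uses `%ld`; if `blksize`, `size` and `ptr` are `size_t`, `%zu` is the matching conversion and avoids a `-Wformat` diagnostic under the flags shown.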
So read is called with blksize == 4096, for which buf + ptr does not have enough space.
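The grow-then-read loop behind the printed states, as an added C example that is not the project's code: a constructed re-creation with a fake in-memory read(2), run once with the guard as it appears in the hunk and once with the corrected comparison, and with a bounds check that reports the would-be overflow instead of performing the write. fake_read, grow_and_read and the input contents are all constructed here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for read(2): copies at most blksize bytes per call from
 * an in-memory source, so the loop runs offline and deterministically. */
struct src { const unsigned char *data; size_t len, off; };

static size_t fake_read(struct src *s, unsigned char *dst, size_t blksize)
{
    size_t n = s->len - s->off;
    if (n > blksize)
        n = blksize;
    memcpy(dst, s->data + s->off, n);
    s->off += n;
    return n;
}

/* Re-creation of the grow-then-read loop over a constructed input of input_len
 * bytes. inverted_guard selects the guard visible in the report (ptr + blksize
 * < size); false selects the corrected one (ptr + blksize > size). Returns true
 * if a read would land past the end of the allocation; that read is skipped
 * rather than corrupting memory, standing in for the _FORTIFY_SOURCE=3 abort. */
static bool grow_and_read(size_t input_len, size_t blksize, bool inverted_guard)
{
    unsigned char *input = malloc(input_len + 1), *buf = malloc(blksize);
    struct src s = { input, input_len, 0 };
    size_t size = blksize, ptr = 0, got;
    bool overflow = false;
    if (!input || !buf)
        abort();
    memset(input, 'a', input_len);
    for (;;) {
        bool grow = inverted_guard ? (ptr + blksize < size) : (ptr + blksize > size);
        if (grow && !(buf = realloc(buf, size <<= 1)))
            abort();
        if (ptr + blksize > size) {   /* bounds check the report's loop lacks */
            overflow = true;
            break;
        }
        got = fake_read(&s, buf + ptr, blksize);
        if (got == 0)
            break;
        ptr += got;
    }
    free(buf);
    free(input);
    return overflow;
}
```

With a 276-byte input and blksize 4096 the inverted guard reproduces the report's second state (ptr=276, size=4096) and flags the overflow; the corrected guard doubles size to 8192 first and finishes cleanly.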
@siddhesh
Thank you for reporting this. This should now be fixed, and I made a new release: 1.2.2.
Thanks for the quickfix. Glad that it caught a real issue in the code.