weidai11 / cryptopp

free C++ class library of cryptographic schemes
https://cryptopp.com

SIMON128 Asan failures on POWER8 #1237

Closed noloader closed 9 months ago

noloader commented 9 months ago

On cfarm29.cfarm.net, which is a POWER9 machine, Asan is producing the following failure:

$ ./cryptest.exe tv simon
Using seed: 1696129750      

Testing SymmetricCipher algorithm SIMON-64/ECB.
................................
Testing SymmetricCipher algorithm SIMON-64/CBC.
............................
Testing SymmetricCipher algorithm SIMON-64/CTR.
..........................................
Testing SymmetricCipher algorithm SIMON-128/ECB.
................=================================================================
==2183894==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7eaff62ed7a0 at pc 0x000100d23344 bp 0x7fffffff72d0 sp 0x7fffffff72f0
READ of size 16 at 0x7eaff62ed7a0 thread T0
    #0 0x100d23340 in CryptoPP::VecLoad(unsigned int const*) /home/noloader/cryptopp/ppc_simd.h:441
    #1 0x100d23340 in SIMON128_Dec_Block /home/noloader/cryptopp/simon128_simd.cpp:635
    #2 0x100d25c58 in unsigned long CryptoPP::AdvancedProcessBlocks128_6x1_ALTIVEC<void (*)(unsigned int __vector(4)&, unsigned long const*, unsigned int), void (*)(unsigned int __vector(4)&, unsigned int __vector(4)&, unsigned int __vector(4)&, unsigned int __vector(4)&, unsigned int __vector(4)&, unsigned int __vector(4)&, unsigned long const*, unsigned int), unsigned long>(void (*)(unsigned int __vector(4)&, unsigned long const*, unsigned int), void (*)(unsigned int __vector(4)&, unsigned int __vector(4)&, unsigned int __vector(4)&, unsigned int __vector(4)&, unsigned int __vector(4)&, unsigned int __vector(4)&, unsigned long const*, unsigned int), unsigned long const*, unsigned long, unsigned char const*, unsigned char const*, unsigned char*, unsigned long, unsigned int) /home/noloader/cryptopp/adv_simd.h:1261
    #3 0x100d23f48 in CryptoPP::SIMON128_Dec_AdvancedProcessBlocks_ALTIVEC(unsigned long const*, unsigned long, unsigned char const*, unsigned char const*, unsigned char*, unsigned long, unsigned int) /home/noloader/cryptopp/simon128_simd.cpp:857
    #4 0x100d1c980 in CryptoPP::SIMON128::Dec::AdvancedProcessBlocks(unsigned char const*, unsigned char const*, unsigned char*, unsigned long, unsigned int) const /home/noloader/cryptopp/simon.cpp:498
    #5 0x100bd8974 in CryptoPP::ECB_OneWay::ProcessData(unsigned char*, unsigned char const*, unsigned long) /home/noloader/cryptopp/modes.cpp:200
    #6 0x100a64f34 in CryptoPP::StreamTransformation::ProcessString(unsigned char*, unsigned long) /home/noloader/cryptopp/cryptlib.h:1066
    #7 0x100a64f34 in CryptoPP::StreamTransformationFilter::NextPutModifiable(unsigned char*, unsigned long) /home/noloader/cryptopp/filters.cpp:691
    #8 0x100a7b174 in CryptoPP::FilterWithBufferedInput::PutMaybeModifiable(unsigned char*, unsigned long, int, bool, bool) /home/noloader/cryptopp/filters.cpp:403
    #9 0x1002121c0 in CryptoPP::FilterWithBufferedInput::Put2(unsigned char const*, unsigned long, int, bool) /home/noloader/cryptopp/filters.h:361
    #10 0x100802b3c in CryptoPP::BufferedTransformation::ChannelPut2(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, unsigned char const*, unsigned long, int, bool) /home/noloader/cryptopp/cryptlib.cpp:469
    #11 0x10037df20 in CryptoPP::BufferedTransformation::ChannelPut(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, unsigned char const*, unsigned long, bool) /home/noloader/cryptopp/cryptlib.h:2210
    #12 0x10037df20 in RandomizedTransfer /home/noloader/cryptopp/datatest.cpp:184
    #13 0x10038f554 in TestSymmetricCipher /home/noloader/cryptopp/datatest.cpp:750
    #14 0x1003a2568 in TestDataFile /home/noloader/cryptopp/datatest.cpp:1350
    #15 0x1003a9570 in CryptoPP::Test::RunTestDataFile(char const*, CryptoPP::NameValuePairs const&, bool) /home/noloader/cryptopp/datatest.cpp:1432
    #16 0x100207858 in CryptoPP::Test::scoped_main(int, char**) /home/noloader/cryptopp/test.cpp:347
    #17 0x100209770 in main /home/noloader/cryptopp/test.cpp:1097
    #18 0x7ffff7024ca8 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #19 0x7ffff7024ee8 in generic_start_main ../csu/libc-start.c:360
    #20 0x7ffff7024ee8 in __libc_start_main_impl ../sysdeps/unix/sysv/linux/powerpc/libc-start.c:109

0x7eaff62ed7a8 is located 0 bytes to the right of 552-byte region [0x7eaff62ed580,0x7eaff62ed7a8)
allocated by thread T0 here:
    #0 0x7ffff78df604 in __interceptor_memalign ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:99
    #1 0x100859bac in CryptoPP::AlignedAllocate(unsigned long) /home/noloader/cryptopp/allocate.cpp:46
    #2 0x100d21a5c in CryptoPP::AllocatorWithCleanup<unsigned long, true>::allocate(unsigned long, void const*) /home/noloader/cryptopp/secblock.h:215
    #3 0x100d21a5c in CryptoPP::AllocatorWithCleanup<unsigned long, true>::pointer CryptoPP::StandardReallocate<unsigned long, CryptoPP::AllocatorWithCleanup<unsigned long, true> >(CryptoPP::AllocatorWithCleanup<unsigned long, true>&, unsigned long*, CryptoPP::AllocatorWithCleanup<unsigned long, true>::size_type, CryptoPP::AllocatorWithCleanup<unsigned long, true>::size_type, bool) /home/noloader/cryptopp/secblock.h:174
    #4 0x100d21a5c in CryptoPP::AllocatorWithCleanup<unsigned long, true>::reallocate(unsigned long*, unsigned long, unsigned long, bool) /home/noloader/cryptopp/secblock.h:262
    #5 0x100d21a5c in CryptoPP::SecBlock<unsigned long, CryptoPP::AllocatorWithCleanup<unsigned long, true> >::New(unsigned long) /home/noloader/cryptopp/secblock.h:1128
    #6 0x100d21a5c in CryptoPP::SIMON128::Base::UncheckedSetKey(unsigned char const*, unsigned int, CryptoPP::NameValuePairs const&) /home/noloader/cryptopp/simon.cpp:372
    #7 0x10080395c in CryptoPP::SimpleKeyingInterface::SetKey(unsigned char const*, unsigned long, CryptoPP::NameValuePairs const&) /home/noloader/cryptopp/cryptlib.cpp:61
    #8 0x1003c36ec in CryptoPP::ECB_OneWay::SetKey(unsigned char const*, unsigned long, CryptoPP::NameValuePairs const&) /home/noloader/cryptopp/modes.h:277
    #9 0x10038bd14 in TestSymmetricCipher /home/noloader/cryptopp/datatest.cpp:652
    #10 0x1003a2568 in TestDataFile /home/noloader/cryptopp/datatest.cpp:1350
    #11 0x1003a9570 in CryptoPP::Test::RunTestDataFile(char const*, CryptoPP::NameValuePairs const&, bool) /home/noloader/cryptopp/datatest.cpp:1432
    #12 0x100207858 in CryptoPP::Test::scoped_main(int, char**) /home/noloader/cryptopp/test.cpp:347
    #13 0x100209770 in main /home/noloader/cryptopp/test.cpp:1097
    #14 0x7ffff7024ca8 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #15 0x7ffff7024ee8 in generic_start_main ../csu/libc-start.c:360
    #16 0x7ffff7024ee8 in __libc_start_main_impl ../sysdeps/unix/sysv/linux/powerpc/libc-start.c:109

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/noloader/cryptopp/ppc_simd.h:441 in CryptoPP::VecLoad(unsigned int const*)
Shadow bytes around the buggy address:
  0x11d5fec5daa0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x11d5fec5dab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x11d5fec5dac0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x11d5fec5dad0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x11d5fec5dae0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x11d5fec5daf0: 00 00 00 00[00]fa fa fa fa fa fa fa fa fa fa fa
  0x11d5fec5db00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x11d5fec5db10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x11d5fec5db20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x11d5fec5db30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x11d5fec5db40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==2183894==ABORTING

noloader commented 9 months ago

Cleared at Commit 45f8a77f4e79.
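
A reading of the AddressSanitizer report above, as an added example that is not part of the original issue or the Crypto++ code base: this helper parses the access and region lines of the report and shows that the 16-byte vector read starts at the last 8-byte element of the 552-byte allocation and runs 8 bytes past its end. The 8-byte element size is an assumption taken from the `unsigned long` type in the allocation stack.

```python
import re

# Key lines copied from the AddressSanitizer report in this issue.
REPORT = """\
==2183894==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7eaff62ed7a0 at pc 0x000100d23344 bp 0x7fffffff72d0 sp 0x7fffffff72f0
READ of size 16 at 0x7eaff62ed7a0 thread T0
0x7eaff62ed7a8 is located 0 bytes to the right of 552-byte region [0x7eaff62ed580,0x7eaff62ed7a8)
"""

ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at (0x[0-9a-f]+)", re.M)
REGION_RE = re.compile(r"(\d+)-byte region \[(0x[0-9a-f]+),(0x[0-9a-f]+)\)")


def triage(report, elem_size=8):
    """Summarise how far an ASan-reported heap access runs past its region.

    elem_size is an assumption supplied by the caller: 8 matches the
    `unsigned long` element type shown in the allocation stack.
    """
    access = ACCESS_RE.search(report)
    region = REGION_RE.search(report)
    if not access or not region:
        raise ValueError("not a heap-buffer-overflow report with a region line")
    kind, size = access.group(1), int(access.group(2))
    addr = int(access.group(3), 16)
    length = int(region.group(1))
    start, end = int(region.group(2), 16), int(region.group(3), 16)
    if end - start != length:
        raise ValueError("region bounds disagree with region size")
    offset = addr - start
    return {
        "kind": kind,
        "access_size": size,
        "offset": offset,  # where the access starts, relative to the region
        "in_bounds": max(0, min(end, addr + size) - max(start, addr)),
        "overrun": max(0, addr + size - end),  # bytes read past the end
        "underrun": max(0, start - addr),      # bytes before the start
        "elements": length // elem_size,
        "first_element": offset // elem_size if 0 <= offset < length else None,
    }


if __name__ == "__main__":
    for key, value in triage(REPORT).items():
        print(f"{key:14} {value}")
```
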