From: "Daniel P. Berrange" <berrange@redhat.com>
To: Thomas Huth <thuth@redhat.com>
Cc: qemu-devel@nongnu.org, qemu-trivial@nongnu.org
Subject: Re: [Qemu-trivial] [PATCH] crypto/ivgen-essiv: Fix problem with address sanitizer of Clang
Date: Wed, 10 Jan 2018 12:36:51 +0000
Message-ID: <20180110123651.GJ3205@redhat.com>
In-Reply-To: <1514907465-14530-1-git-send-email-thuth@redhat.com>
On Tue, Jan 02, 2018 at 04:37:45PM +0100, Thomas Huth wrote:
> When compiling QEMU with clang and -fsanitize=address, I get the
> following error:
>
> ==9185==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc7e9adf2f at pc 0x564cba001d88 bp 0x7ffc7e9adeb0 sp 0x7ffc7e9adea8
> READ of size 16 at 0x7ffc7e9adf2f thread T0
> #0 0x564cba001d87 in qcrypto_ivgen_essiv_calculate .../crypto/ivgen-essiv.c:83
> #1 0x564cba001367 in qcrypto_ivgen_calculate .../crypto/ivgen.c:72
> #2 0x564cb9fec630 in test_ivgen .../tests/test-crypto-ivgen.c:148
> #3 0x7f98f4224b39 (/lib64/libglib-2.0.so.0+0x6fb39)
> #4 0x7f98f4224d02 (/lib64/libglib-2.0.so.0+0x6fd02)
> #5 0x7f98f4224d02 (/lib64/libglib-2.0.so.0+0x6fd02)
> #6 0x7f98f4224d02 (/lib64/libglib-2.0.so.0+0x6fd02)
> #7 0x7f98f4224f0d (/lib64/libglib-2.0.so.0+0x6ff0d)
> #8 0x7f98f4224f30 (/lib64/libglib-2.0.so.0+0x6ff30)
> #9 0x564cb9fec446 in main .../tests/test-crypto-ivgen.c:173
> #10 0x7f98f294fc04 in __libc_start_main (/lib64/libc.so.6+0x21c04)
> #11 0x564cb9fec1ac in _start (.../tests/test-crypto-ivgen+0xdb1ac)
>
> Address 0x7ffc7e9adf2f is located in stack of thread T0 at offset 47 in frame
> #0 0x564cba00192f in qcrypto_ivgen_essiv_calculate .../crypto/ivgen-essiv.c:76
>
> And indeed, the code is doing a "memcpy(data, (uint8_t *)&sector, ndata)"
> here with "sector" being a uint64_t variable and ndata = 16.
>
> Fix it by limiting the size of the memcpy correctly.
>
> Signed-off-by: Thomas Huth <thuth@redhat.com>
> ---
> crypto/ivgen-essiv.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
FYI, this is a dupe of the same fix posted by Marc-André Lureau last
year with subject "crypto: fix stack-buffer-overflow error", which I
already have queued.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
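The defect the quoted commit message describes, copying `ndata` bytes (16, the AES block size) out of an 8-byte `uint64_t`, reads 8 bytes past the end of the stack variable, which is exactly the 16-byte READ that AddressSanitizer reports above. The C below is an added example written for this page, not code from QEMU or from either patch in this thread: it places the unchecked copy beside a bounded version that copies at most `sizeof(sector)` bytes and zero-fills the remainder of the block. The function names `essiv_fill_block_unchecked` and `essiv_fill_block`, and the `put_le64` helper standing in for QEMU's `cpu_to_le64()`, are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Serialise a 64-bit sector number as little-endian bytes regardless of
 * host byte order (hypothetical helper standing in for QEMU's cpu_to_le64()). */
static void put_le64(uint8_t out[8], uint64_t v)
{
    for (int i = 0; i < 8; i++) {
        out[i] = (uint8_t)(v >> (8 * i));
    }
}

/* The pattern the commit message describes: the copy length is the cipher
 * block size (16 for AES) but the source object is only 8 bytes, so for
 * ndata > 8 the memcpy reads past the end of the local variable, which is
 * what -fsanitize=address flags as a stack-buffer-overflow READ.  Kept only
 * for comparison; it is never called. */
void essiv_fill_block_unchecked(uint8_t *data, size_t ndata, uint64_t sector)
{
    uint8_t le[8];
    put_le64(le, sector);
    memcpy(data, le, ndata);            /* over-read when ndata > sizeof(le) */
}

/* Bounded version: copy at most sizeof(sector) bytes, then zero-fill the
 * rest of the block so no uninitialised bytes feed the cipher.
 * Returns 0 on success, -1 on bad arguments. */
int essiv_fill_block(uint8_t *data, size_t ndata, uint64_t sector)
{
    uint8_t le[8];
    size_t n;

    if (data == NULL || ndata == 0) {
        return -1;
    }
    put_le64(le, sector);
    n = ndata < sizeof(le) ? ndata : sizeof(le);   /* clamp to the source size */
    memcpy(data, le, n);
    if (ndata > n) {
        memset(data + n, 0, ndata - n);            /* pad wider blocks with zeros */
    }
    return 0;
}

int main(void)
{
    uint8_t block[16];                  /* AES block size, as in the ASan report */

    /* Constructed sample sector number; prints 08 07 06 05 04 03 02 01 00 ... 00 */
    if (essiv_fill_block(block, sizeof(block), 0x0102030405060708ULL) != 0) {
        return 1;
    }
    for (size_t i = 0; i < sizeof(block); i++) {
        printf("%02x%s", block[i], i + 1 < sizeof(block) ? " " : "\n");
    }
    return 0;
}
```

Building with `-fsanitize=address` and calling the unchecked variant with a 16-byte block reproduces the report in the thread; the bounded variant stays within the 8-byte source for any block size, and the zero padding keeps the IV input deterministic for ciphers whose block is wider than the sector counter.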