From: "Daniel P. Berrange" <berrange@redhat.com>
To: Thomas Huth <thuth@redhat.com>
Cc: qemu-devel@nongnu.org, qemu-trivial@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] crypto/ivgen-essiv: Fix problem with address sanitizer of Clang
Date: Wed, 10 Jan 2018 12:36:51 +0000 [thread overview]
Message-ID: <20180110123651.GJ3205@redhat.com> (raw)
In-Reply-To: <1514907465-14530-1-git-send-email-thuth@redhat.com>
On Tue, Jan 02, 2018 at 04:37:45PM +0100, Thomas Huth wrote:
> When compiling QEMU with clang and -fsanitize=address, I get the
> following error:
>
> ==9185==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc7e9adf2f at pc 0x564cba001d88 bp 0x7ffc7e9adeb0 sp 0x7ffc7e9adea8
> READ of size 16 at 0x7ffc7e9adf2f thread T0
> #0 0x564cba001d87 in qcrypto_ivgen_essiv_calculate .../crypto/ivgen-essiv.c:83
> #1 0x564cba001367 in qcrypto_ivgen_calculate .../crypto/ivgen.c:72
> #2 0x564cb9fec630 in test_ivgen .../tests/test-crypto-ivgen.c:148
> #3 0x7f98f4224b39 (/lib64/libglib-2.0.so.0+0x6fb39)
> #4 0x7f98f4224d02 (/lib64/libglib-2.0.so.0+0x6fd02)
> #5 0x7f98f4224d02 (/lib64/libglib-2.0.so.0+0x6fd02)
> #6 0x7f98f4224d02 (/lib64/libglib-2.0.so.0+0x6fd02)
> #7 0x7f98f4224f0d (/lib64/libglib-2.0.so.0+0x6ff0d)
> #8 0x7f98f4224f30 (/lib64/libglib-2.0.so.0+0x6ff30)
> #9 0x564cb9fec446 in main .../tests/test-crypto-ivgen.c:173
> #10 0x7f98f294fc04 in __libc_start_main (/lib64/libc.so.6+0x21c04)
> #11 0x564cb9fec1ac in _start (.../tests/test-crypto-ivgen+0xdb1ac)
>
> Address 0x7ffc7e9adf2f is located in stack of thread T0 at offset 47 in frame
> #0 0x564cba00192f in qcrypto_ivgen_essiv_calculate .../crypto/ivgen-essiv.c:76
>
> And indeed, the code is doing a "memcpy(data, (uint8_t *)§or, ndata)"
> here with "sector" being a uint64_t variable and ndata = 16.
>
> Fix it by limiting the size of the memcpy correctly.
>
> Signed-off-by: Thomas Huth <thuth@redhat.com>
> ---
> crypto/ivgen-essiv.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
FYI, this is a dupe of the same fix posted Marc-André Lureau last
year with subject "crypto: fix stack-buffer-overflow error", which I
already have queued.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
prev parent reply other threads:[~2018-01-10 12:37 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-02 15:37 [Qemu-devel] [PATCH] crypto/ivgen-essiv: Fix problem with address sanitizer of Clang Thomas Huth
2018-01-10 12:36 ` Daniel P. Berrange [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180110123651.GJ3205@redhat.com \
--to=berrange@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-trivial@nongnu.org \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).