
[decompress] Fix nullptr addition & improve fuzzer#3356

Merged
terrelln merged 1 commit into facebook:dev from terrelln:issue-3351
Dec 15, 2022


@terrelln terrelln commented Dec 15, 2022

Fix an instance of NULL + 0 in ZSTD_decompressStream(). Also, improve our stream_decompress fuzzer to pass NULL in/out buffers to ZSTD_decompressStream(), and fix 2 issues that were immediately surfaced.

The stream_decompress fuzzer now catches this bug when the relevant UBSAN warning is enabled.

I scanned through ZSTD_decompressStream() and this seems to be the only offending pointer arithmetic.

Fixes #3351

Fix an instance of `NULL + 0` in `ZSTD_decompressStream()`. Also, improve our
`stream_decompress` fuzzer to pass `NULL` in/out buffers to
`ZSTD_decompressStream()`, and fix 2 issues that were immediately surfaced.

Fixes facebook#3351
@terrelln terrelln merged commit f31b83f into facebook:dev Dec 15, 2022

Development

Successfully merging this pull request may close these issues.

When decompressing truncated input, calling ZSTD_decompressStream() with input = {NULL, 0, 0} computes NULL + 0, which is UB
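
The pattern behind this issue, as an added example (not zstd's code and not part of this pull request): a streaming step that accepts `{NULL, 0, 0}` buffers without ever forming `NULL + 0`. The `in_buf`/`out_buf` structs, `stream_copy()` and the `ptr_add` helpers are hypothetical names that only mirror the `{pointer, size, pos}` shape in the issue title.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical buffer types mirroring the {ptr, size, pos} shape in the issue. */
typedef struct { const void* src; size_t size; size_t pos; } in_buf;
typedef struct { void* dst; size_t size; size_t pos; } out_buf;

/* Pointer add that never evaluates NULL + n: a zero offset returns p unchanged. */
static const unsigned char* cptr_add(const unsigned char* p, size_t n)
{
    return n == 0 ? p : p + n;
}
static unsigned char* ptr_add(unsigned char* p, size_t n)
{
    return n == 0 ? p : p + n;
}

/* Toy streaming step: copy as many bytes as fit from in to out.
 * Returns 0 on success, 1 if a buffer description is inconsistent. */
int stream_copy(out_buf* out, in_buf* in)
{
    /* Validate before any arithmetic: pos within size, NULL only with size 0. */
    if (in->pos > in->size || out->pos > out->size) return 1;
    if (in->src == NULL && in->size != 0) return 1;
    if (out->dst == NULL && out->size != 0) return 1;
    {
        /* After validation, a NULL pointer implies pos == 0, so no NULL + 0. */
        const unsigned char* ip = cptr_add((const unsigned char*)in->src, in->pos);
        unsigned char* op = ptr_add((unsigned char*)out->dst, out->pos);
        size_t const inLeft = in->size - in->pos;
        size_t const outLeft = out->size - out->pos;
        size_t const n = inLeft < outLeft ? inLeft : outLeft;
        /* Passing NULL to memcpy is also undefined in C11/C17, even for n == 0. */
        if (n > 0) memcpy(op, ip, n);
        in->pos += n;
        out->pos += n;
    }
    return 0;
}

int main(void)
{
    in_buf in = { NULL, 0, 0 };    /* constructed input from the issue title */
    out_buf out = { NULL, 0, 0 };  /* constructed: NULL output buffer as well */
    return stream_copy(&out, &in);
}
```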
