author | Sami Boukortt <sami@boukortt.com> | 2022-07-05 07:07:32 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-07-05 15:07:32 +1000 |
commit | 7579d5d84f92e5d69d7caabff5fb5c80892c8364 (patch) | |
tree | 078fe5d09fec817df5858ae595ebff9745a20774 | |
parent | beb98b4d1a3b1b5fceed2ddf7f846c4e557b1ec4 (diff) |
lzo: unpoison the working buffer (#7941)
The compression function appears to account for the possibility that the
buffer contains random values, but msan does not realize that.
Initializing the buffer would be another option, but mere unpoisoning
maintains the ability to detect flaws in the way that the library
handles such uninitialized buffers. (Although, arguably, perhaps this
would be better served by separate fuzzing, which would also make such
findings more reproducible.)
This fixes b/154387018.
-rw-r--r-- | projects/lzo/all_lzo_compress.cc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/projects/lzo/all_lzo_compress.cc b/projects/lzo/all_lzo_compress.cc index 13c3d113..510f6aeb 100644 --- a/projects/lzo/all_lzo_compress.cc +++ b/projects/lzo/all_lzo_compress.cc @@ -202,6 +202,10 @@ void FuzzLzoAlgorithm(const LzoAlgorithm& algorithm, std::unique_ptr<uint8_t[]> compressed_buffer( new uint8_t[algorithm.GetMaxCompressedSize(input_buffer.size())]); +#if MEMORY_SANITIZER + __msan_unpoison(working_buffer.get(), algorithm.working_memory_size); +#endif + lzo_uint compressed_size; if (algorithm.compress_fn(input_buffer.data(), input_buffer.size(), compressed_buffer.get(), &compressed_size, |
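Review bot: The `#if MEMORY_SANITIZER` guard before `lzo_uint compressed_size;` evaluates to 0 without any diagnostic if that macro is not defined for the build, so the unpoison call would silently vanish. The four inserted lines also add no include for the header that declares `__msan_unpoison` (`<sanitizer/msan_interface.h>`). Please confirm that both the macro and the include are already provided elsewhere in `all_lzo_compress.cc` or by the build flags. If they are not, detect the sanitizer with `__has_feature(memory_sanitizer)` and include the header under the same guard. Separately, the reason for unpoisoning rather than initializing `working_buffer` is only recorded in the commit message. A one-line comment above the call would tell later readers that the buffer is deliberately left with arbitrary contents, and that MSan will no longer report reads of it, including ones that would point to a real flaw in the library.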