Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Windows VS build #11

Closed
wants to merge 1 commit into from
Closed

Fix Windows VS build #11

wants to merge 1 commit into from

Conversation

poiru
Copy link
Contributor

@poiru poiru commented Mar 22, 2012

Remove the undefined gzflags export from zlibvc.def to fix build error.

@madler madler closed this Mar 23, 2012
geoff-nixon referenced this pull request in geoff-nixon/zlib May 6, 2016
@Dead2
Merge pull request cloudflare#11 from mtl1979/develop
63045bc 
Fix parallel make
sebpop pushed a commit to sebpop/zlib that referenced this pull request Nov 15, 2018
oss-fuzz/11360: clear out s->prev buffer to avoid undefined behavior
d07add4 
this patch fixes a use of uninitialized value discovered by one of the fuzzers
of the oss-fuzz project:
https://github.com/google/oss-fuzz/blob/master/projects/zlib/example_dict_fuzzer.c
clang's memory sanitizer fails with:

==1==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x5930dd in slide_hash zlib/deflate.c:222:20
    madler#1 0x589461 in fill_window zlib/deflate.c:1558:13
    madler#2 0x59828f in deflate_rle zlib/deflate.c:2119:13
    madler#3 0x590614 in deflate zlib/deflate.c:1045:41
    madler#4 0x4a2d56 in test_dict_deflate /src/example_dict_fuzzer.c:79:11
    madler#5 0x4a3e9b in LLVMFuzzerTestOneInput /src/example_dict_fuzzer.c:156:3
    madler#6 0x4ed04b in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
    madler#7 0x4a4ff6 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
    madler#8 0x4b5e1a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9
    madler#9 0x4a4121 in main /src/libfuzzer/FuzzerMain.cpp:20:10
    madler#10 0x7f3d7a13b82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
    madler#11 0x41ed08 in _start
  Uninitialized value was created by a heap allocation
    #0 0x45fa10 in malloc /src/llvm/projects/compiler-rt/lib/msan/msan_interceptors.cc:911
    madler#1 0x586920 in deflateInit2_ zlib/deflate.c:320:27
    madler#2 0x4a2a24 in test_dict_deflate /src/example_dict_fuzzer.c:61:11
    madler#3 0x4a3e9b in LLVMFuzzerTestOneInput /src/example_dict_fuzzer.c:156:3
    madler#4 0x4ed04b in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
    madler#5 0x4a4ff6 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
    madler#6 0x4b5e1a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9
    madler#7 0x4a4121 in main /src/libfuzzer/FuzzerMain.cpp:20:10
    madler#8 0x7f3d7a13b82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
@sebpop sebpop mentioned this pull request Nov 15, 2018
Closed
hzhuang1 pushed a commit to Linaro/warpdrive-zlib that referenced this pull request Jul 31, 2019
@Dead2
fix madler#197, oss-fuzz/10036: only write 4 bytes per iteration in d…
11989c9 
…eflate_quick

by aggregating the two consecutive values to be written by static_emit_ptr to
s->pending_buf and writing the two values at once in a 4 byte store, we avoid
running out of the allocated buffer. We used to call quick_send_bits twice and
bumped the counter s->pending in the first call, which made the second call
write to memory beyond the safe 4 bytes that were guaranteed by the following
condition in the enclosing loop in deflate_quick:

  if (s->pending + 4 >= s->pending_buf_size) {
    flush_pending(s->strm);

The bug was exposed by the memory sanitizer like so:

MemorySanitizer:DEADLYSIGNAL
--
  | ==1==ERROR: MemorySanitizer: SEGV on unknown address 0x730000020000 (pc 0x0000005b6ce4 bp 0x7fff59adb5e0 sp 0x7fff59adb570 T1)
  | ==1==The signal is caused by a WRITE memory access.
  | #0 0x5b6ce3 in quick_send_bits zlib-ng/arch/x86/deflate_quick.c:134:48
  | madler#1 0x5b5752 in deflate_quick zlib-ng/arch/x86/deflate_quick.c:243:21
  | madler#2 0x590a15 in zng_deflate zlib-ng/deflate.c:952:18
  | madler#3 0x587165 in zng_compress2 zlib-ng/compress.c:59:15
  | madler#4 0x5866d3 in check_compress_level zlib-ng/test/fuzz/compress_fuzzer.c:22:3
  | madler#5 0x5862d8 in LLVMFuzzerTestOneInput zlib-ng/test/fuzz/compress_fuzzer.c:74:3
  | madler#6 0x4e9b48 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:575:15
  | madler#7 0x4a2f66 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
  | madler#8 0x4b3adb in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:715:9
  | madler#9 0x4a2091 in main /src/libfuzzer/FuzzerMain.cpp:20:10
  | madler#10 0x7fb8919b082f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
  | madler#11 0x41ec68 in _start
  | MemorySanitizer can not provide additional info.
  | SUMMARY: MemorySanitizer: SEGV (/mnt/scratch0/clusterfuzz/slave-bot/builds/clusterfuzz-builds_zlib-ng_7ead0a3e4980f024583384fd355b6e3ddd4b2ca2/revisions/compress_fuzzer+0x5b6ce3)
ryantrinkle pushed a commit to obsidiansystems/zlib that referenced this pull request Jun 7, 2020
@dcoutts
Change the window bits range from 8..15 to 9..15
26d9115 
The zlib C lib has been changed to clarify that in fact window bits = 8
is not supported:

madler@049578f

We already had a guard in one of the tests to avoid the window bits = 8
case for some formats where it had been observed to fail. The change in
the C lib now makes it fail in more cases (since it had never been
properly supported anyway). So the simplest thing to do is just say that
9 is the minimum value.

Credit to Sergei Trofimovich for notifying and then tracking down the
root cause of the failure with newer versions of the C lib.

This fixes issue madler#11.
Lecrapouille pushed a commit to Lecrapouille/zlib that referenced this pull request Sep 5, 2021
@Lecrapouille
oss-fuzz/11360: clear out s->prev buffer to avoid undefined behavior
b0f57e3 
this patch fixes a use of uninitialized value discovered by one of the fuzzers
of the oss-fuzz project:
https://github.com/google/oss-fuzz/blob/master/projects/zlib/example_dict_fuzzer.c
clang's memory sanitizer fails with:

==1==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x5930dd in slide_hash zlib/deflate.c:222:20
    madler#1 0x589461 in fill_window zlib/deflate.c:1558:13
    madler#2 0x59828f in deflate_rle zlib/deflate.c:2119:13
    madler#3 0x590614 in deflate zlib/deflate.c:1045:41
    madler#4 0x4a2d56 in test_dict_deflate /src/example_dict_fuzzer.c:79:11
    madler#5 0x4a3e9b in LLVMFuzzerTestOneInput /src/example_dict_fuzzer.c:156:3
    madler#6 0x4ed04b in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
    madler#7 0x4a4ff6 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
    madler#8 0x4b5e1a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9
    madler#9 0x4a4121 in main /src/libfuzzer/FuzzerMain.cpp:20:10
    madler#10 0x7f3d7a13b82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
    madler#11 0x41ed08 in _start
  Uninitialized value was created by a heap allocation
    #0 0x45fa10 in malloc /src/llvm/projects/compiler-rt/lib/msan/msan_interceptors.cc:911
    madler#1 0x586920 in deflateInit2_ zlib/deflate.c:320:27
    madler#2 0x4a2a24 in test_dict_deflate /src/example_dict_fuzzer.c:61:11
    madler#3 0x4a3e9b in LLVMFuzzerTestOneInput /src/example_dict_fuzzer.c:156:3
    madler#4 0x4ed04b in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
    madler#5 0x4a4ff6 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
    madler#6 0x4b5e1a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9
    madler#7 0x4a4121 in main /src/libfuzzer/FuzzerMain.cpp:20:10
    madler#8 0x7f3d7a13b82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
RytoEX pushed a commit to RytoEX/zlib that referenced this pull request Nov 10, 2022
@JeromeMartinez
Merge pull request madler#11 from JeromeMartinez/VC17
dff641b 
MSVC2022 project files
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@poiru @madler