rpms
/
zlib
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Resolve fuzzing issue for unknown memory access 

Resolves: #2167803
This commit is contained in:
Lukas Javorsky 2023-02-07 15:23:22 +00:00
parent ec38e5e479
commit 9e9b99af9c
2 changed files with 77 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
zlib-1.2.11-Limit-hash-table-inserts.patch Normal file
View File

@ -0,0 +1,69 @@
From 2d80d3f6b52f9fa454c26c89d2d6a1790e1cecb0 Mon Sep 17 00:00:00 2001
From: Mark Adler <madler@alumni.caltech.edu>
Date: Sat, 21 Jan 2017 01:50:26 -0800
Subject: [PATCH] Limit hash table inserts after switch from stored deflate.
This limits hash table inserts to the available data in the window
and to the sliding window size in deflate_stored(). The hash table
inserts are deferred until deflateParams() switches to a non-zero
compression level.
---
deflate.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/deflate.c b/deflate.c
index 20bda4f..d368b25 100644
--- a/deflate.c
+++ b/deflate.c
@@ -1513,6 +1513,8 @@ local void fill_window(s)
s->match_start -= wsize;
s->strstart -= wsize; /* we now have strstart >= MAX_DIST */
s->block_start -= (long) wsize;
+ if (s->insert > s->strstart)
+ s->insert = s->strstart;
slide_hash(s);
more += wsize;
}
@@ -1742,6 +1744,7 @@ local block_state deflate_stored(s, flush)
s->matches = 2; /* clear hash */
zmemcpy(s->window, s->strm->next_in - s->w_size, s->w_size);
s->strstart = s->w_size;
+ s->insert = s->strstart;
}
else {
if (s->window_size - s->strstart <= used) {
@@ -1750,12 +1753,14 @@ local block_state deflate_stored(s, flush)
zmemcpy(s->window, s->window + s->w_size, s->strstart);
if (s->matches < 2)
s->matches++; /* add a pending slide_hash() */
+ if (s->insert > s->strstart)
+ s->insert = s->strstart;
}
zmemcpy(s->window + s->strstart, s->strm->next_in - used, used);
s->strstart += used;
+ s->insert += MIN(used, s->w_size - s->insert);
}
s->block_start = s->strstart;
- s->insert += MIN(used, s->w_size - s->insert);
}
if (s->high_water < s->strstart)
s->high_water = s->strstart;
@@ -1779,12 +1784,15 @@ local block_state deflate_stored(s, flush)
if (s->matches < 2)
s->matches++; /* add a pending slide_hash() */
have += s->w_size; /* more space now */
+ if (s->insert > s->strstart)
+ s->insert = s->strstart;
}
if (have > s->strm->avail_in)
have = s->strm->avail_in;
if (have) {
read_buf(s->strm, s->window + s->strstart, have);
s->strstart += have;
+ s->insert += MIN(have, s->w_size - s->insert);
}
if (s->high_water < s->strstart)
s->high_water = s->strstart;
--
2.39.1

9
zlib.spec
View File

@ -2,7 +2,7 @@
Name: zlib
Version: 1.2.11
Release: 37%{?dist}
Release: 38%{?dist}
Summary: Compression and decompression library
# /contrib/dotzlib/ have Boost license
License: zlib and Boost
@ -13,6 +13,9 @@ Source: https://www.zlib.net/zlib-%{version}.tar.xz
Patch0: zlib-1.2.5-minizip-fixuncrypt.patch
# resolves: #805113
Patch1: zlib-1.2.11-optimized-s390.patch
# Backport upstream commit 2d80d3f6b52f9fa454c26c89d2d6a1790e1cecb0
# Reason: Fuzzer founds issues with unknown memory access
Patch5: zlib-1.2.11-Limit-hash-table-inserts.patch
# IBM Z optimalizations
Patch7: zlib-1.2.11-IBM-Z-hw-accelrated-deflate-s390x.patch
# fix for IBM Z optimalizations
@ -114,6 +117,7 @@ developing applications which use minizip.
%ifarch s390 s390x
%patch1 -p1 -b .optimized-deflate
%endif
%patch5 -p1
%patch7 -p1
%patch11 -p1
%patch12 -p1
@ -209,6 +213,9 @@ find $RPM_BUILD_ROOT -name '*.la' -delete
%changelog
* Tue Feb 07 2023 Lukas Javorsky <ljavorsk@redhat.com> - 1.2.11-38
- Resolve fuzzing issue for unknown memory access
* Tue Feb 07 2023 Lukas Javorsky <ljavorsk@redhat.com> - 1.2.11-37
- Rebased Power 8 optimization patches
- Fix for Unnecessary IFUNC resolver for crc32_z