Page MenuHome GnuPG
Create Task
Maniphest T2062

invalid left shift iobuf.c
Closed, ResolvedPublic
Actions

Description

Hi,
after fuzzing gnupg2 with afl for one night, I found 2 invalid shift in iobuf.c.
To reproduce them, you need to build the source code with flag '-
fsanitize=undefined' and then execute command ./gnupg2 $file'.
You will see the following error information:
iobuf.c:875:38: runtime error: left shift of negative value -1
iobuf.c:876:38: runtime error: left shift of negative value -1

Details

Version
git

Event Timeline

xiedingbao added a subscriber: xiedingbao.Aug 1 2015, 10:37 PM

664_id_0000014 BDownload

xiedingbao added a project: Bug Report.Aug 1 2015, 10:37 PM
xiedingbao set Version to git.
werner added a subscriber: werner.Aug 3 2015, 11:23 AM

That is EOF and the iobuf_get in line 877 will this also return EOF and thus
size is not anymore used. Don't you get the error message then?

[I know that those pesky compilers may remove the rest of the code as soon as
they notice something undefined. This is VERY troublesome and the reason why I
run the STACK utility from time to time to catch actual removed code. The end
of defensive programming.]

neal added a project: gnupg.Sep 1 2015, 2:13 PM
werner closed this task as Resolved.Oct 28 2015, 5:15 PM
werner claimed this task.
werner added projects: Info Needed, Not A Bug.