lzo: unpoison the working buffer (#7941)

The compression function appears to account for the possibility that the
buffer contains random values, but msan does not realize that.

Initializing the buffer would be another option, but mere unpoisoning
maintains the ability to detect flaws in the way that the library
handles such uninitialized buffers. (Although, arguably, perhaps this
would be better served by separate fuzzing, which would also make such
findings more reproducible.)

This fixes b/154387018.
Sami Boukortt 2022-07-05 07:07:32 +02:00 committed by GitHub
parent beb98b4d1a
commit 7579d5d84f
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions

@ -202,6 +202,10 @@ void FuzzLzoAlgorithm(const LzoAlgorithm& algorithm,
std::unique_ptr<uint8_t[]> compressed_buffer( std::unique_ptr<uint8_t[]> compressed_buffer(
new uint8_t[algorithm.GetMaxCompressedSize(input_buffer.size())]); new uint8_t[algorithm.GetMaxCompressedSize(input_buffer.size())]);
#if MEMORY_SANITIZER
__msan_unpoison(working_buffer.get(), algorithm.working_memory_size);
#endif
lzo_uint compressed_size; lzo_uint compressed_size;
if (algorithm.compress_fn(input_buffer.data(), input_buffer.size(), if (algorithm.compress_fn(input_buffer.data(), input_buffer.size(),
compressed_buffer.get(), &compressed_size, compressed_buffer.get(), &compressed_size,
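
Review bot: The `__msan_unpoison(working_buffer.get(), algorithm.working_memory_size);` line inside the `#if MEMORY_SANITIZER` block carries no comment explaining why the working buffer is unpoisoned instead of initialized. That rationale currently lives only in the commit message, so please add a one-line comment above the call stating that the compressor is expected to tolerate arbitrary working-memory contents and that the buffer is deliberately left uninitialized. Two further things to confirm, since neither is visible in this hunk: that the file includes `<sanitizer/msan_interface.h>` under the same guard, and that `MEMORY_SANITIZER` is actually defined in MSan builds, because `#if` on an undefined macro evaluates to 0 and the unpoison would be skipped silently. Note also that unpoisoning the full `working_memory_size` suppresses every MSan report that originates from reads of the working memory, including a genuine one where uninitialized bytes influence `compressed_size` or the compressed output, so the separate fuzzing mentioned in the commit message is worth tracking as a follow-up.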