core: fix uninitialized memory in SHA256 #1196

Merged
merged 1 commit into from
May 29, 2023
@chfast chfast commented May 29, 2023

Move w[16] buffer outside of the outer loop. Otherwise, w goes out of scope in every outer loop iteration and uninitialized memory is used. This bug has become visible by building with GCC 13 in Release.

I restored the correct location of w[16] as in the original implementation at https://github.com/amosnier/sha-2/blob/5beabbcc0d872e15a16d51539922dbfabb806316/sha-256.c#L40-L53. The code was introduced already with the bug in #113.

Fixes #1191.

@chfast chfast added bug Something isn't working and removed bug Something isn't working labels May 29, 2023
@chfast chfast requested a review from yperbasis May 29, 2023 12:36
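
A known-answer regression check for the bug class in the description above, as an added example that is not part of the pull request or the project's code: a one-chunk SHA-256 whose 16-word schedule `w` is declared outside the round-group loop, checked against the standard "abc" vector. The four-groups-of-16 loop shape, the names `compress` and `sha256_word`, and the `model_bug` flag (which overwrites `w` with a constant to imitate lost contents deterministically) are assumptions for illustration.

```c
#include <stdint.h>
#include <string.h>
static const uint32_t K[64] = {
    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
};
#define ROTR(x, n) (((x) >> (n)) | ((x) << (32 - (n))))

/* Compress one 64-byte chunk. model_bug (hypothetical flag) poisons w before each 16-round
   group, a deterministic stand-in for declaring w inside the outer loop. */
static void compress(uint32_t h[8], const uint8_t p[64], int model_bug) {
    uint32_t a[8], w[16]; /* w outlives all four groups: the placement the fix restores */
    memcpy(a, h, sizeof a);
    for (int i = 0; i < 4; i++) {
        if (model_bug) memset(w, 0xA5, sizeof w); /* constructed stand-in for lost contents */
        for (int j = 0; j < 16; j++) {
            if (i == 0) { /* first group: load big-endian message words */
                w[j] = (uint32_t)p[4*j] << 24 | (uint32_t)p[4*j+1] << 16 | (uint32_t)p[4*j+2] << 8 | p[4*j+3];
            } else { /* later groups: extend in place from words the previous group wrote */
                uint32_t x = w[(j + 1) & 15], y = w[(j + 14) & 15];
                w[j] += (ROTR(x, 7) ^ ROTR(x, 18) ^ (x >> 3)) + w[(j + 9) & 15]
                      + (ROTR(y, 17) ^ ROTR(y, 19) ^ (y >> 10));
            }
            uint32_t t1 = a[7] + (ROTR(a[4], 6) ^ ROTR(a[4], 11) ^ ROTR(a[4], 25))
                        + ((a[4] & a[5]) ^ (~a[4] & a[6])) + K[16 * i + j] + w[j];
            uint32_t t2 = (ROTR(a[0], 2) ^ ROTR(a[0], 13) ^ ROTR(a[0], 22))
                        + ((a[0] & a[1]) ^ (a[0] & a[2]) ^ (a[1] & a[2]));
            memmove(a + 1, a, 7 * sizeof a[0]); /* shift working variables down one slot */
            a[4] += t1; a[0] = t1 + t2;
        }
    }
    for (int i = 0; i < 8; i++) h[i] += a[i];
}
/* Word idx (0..7) of SHA-256(msg); msg must be at most 55 bytes so it fits one padded chunk. */
static uint32_t sha256_word(const char *msg, int idx, int model_bug) {
    uint32_t h[8] = {0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
                     0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19};
    uint8_t blk[64] = {0};
    size_t n = strlen(msg);
    memcpy(blk, msg, n);
    blk[n] = 0x80; blk[62] = (uint8_t)(n >> 5); blk[63] = (uint8_t)(n << 3); /* pad, bit length */
    compress(h, blk, model_bug);
    return h[idx];
}
int main(void) { return sha256_word("abc", 0, 0) == 0xba7816bfu ? 0 : 1; } /* known-answer check */
```

A check like this only guards against the defect when it runs in the optimized build configuration as well, since the description reports the bug became visible in a GCC 13 Release build.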

@yperbasis yperbasis left a comment

Thank you! I wonder why sanitize=undefined didn't catch it.

@yperbasis yperbasis merged commit 3cc504f into master May 29, 2023
@yperbasis yperbasis deleted the sha256_fix branch May 29, 2023 12:50
Successfully merging this pull request may close these issues.

SHA256 is broken in GCC 13 Release builds