Invalid Shift at FastHufDecoder (72367575) #268
Labels
Bug
A bug in the source code
Comments
kdt3rd
added a commit
to kdt3rd/openexr
that referenced
this issue
Aug 13, 2019
… decoder Technically, doing a logical right shift by the number of bits (or more) of a number is undefined behaviour. gcc / x86 seems to do (v >> (shift%bits)), meaning that a right shift of 64 would end up as a right shift of 0 on a uint64_t value. However, other platforms may shift by the full number of bits and produce and output 0, not the input. Instead of leaving this ambiguity, force the 0th value to be manually unrolled / extracted and to do what was there (and validated by test) as an undefined behaviour as a more explicit operation. Signed-off-by: Kimball Thurston <kdt3rd@gmail.com>
DominicJacksonBFX
pushed a commit
to boris-fx/mocha-openexr
that referenced
this issue
Jun 22, 2022
… decoder Technically, doing a logical right shift by the number of bits (or more) of a number is undefined behaviour. gcc / x86 seems to do (v >> (shift%bits)), meaning that a right shift of 64 would end up as a right shift of 0 on a uint64_t value. However, other platforms may shift by the full number of bits and produce and output 0, not the input. Instead of leaving this ambiguity, force the 0th value to be manually unrolled / extracted and to do what was there (and validated by test) as an undefined behaviour as a more explicit operation. Signed-off-by: Kimball Thurston <kdt3rd@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello OpenEXR team,
As part of our fuzzing efforts at Google, we have identified an issue affecting
OpenEXR (tested with revision develop 165dcea).
To reproduce, we are attaching a Dockerfile which compiles the project with
LLVM, taking advantage of the sanitizers that it offers. More information about
how to use the attached Dockerfile can be found here:
https://docs.docker.com/engine/reference/builder/
TL;DR instructions:
mkdir projectcp Dockerfile /path/to/projectdocker build --no-cache /path/to/projectdocker run -it image_id_from_docker_buildFrom another terminal, outside the container:
docker cp /path/to/attached/reproducer running_container_hostname:/fuzzing/reproducer(reference: https://docs.docker.com/engine/reference/commandline/cp/)
And, back inside the container:
/fuzzing/repro.sh /fuzzing/reproducerAlternatively, and depending on the bug, you could use gcc, valgrind or other
instrumentation tools to aid in the investigation. The sanitizer error that we
encountered is here:
We will gladly work with you so you can successfully confirm and reproduce this
issue. Do let us know if you have any feedback surrounding the documentation.
Once you have reproduced the issue, we'd appreciate to learn your expected
timeline for an update to be released. With any fix, please attribute the report
to "Google Autofuzz project".
We are also pleased to inform you that your project is eligible for inclusion to
the OSS-Fuzz project, which can provide additional continuous fuzzing, and
encourage you to investigate integration options.
Don't hesitate to let us know if you have any questions!
Google AutoFuzz Team
artifacts_72367575.zip
The text was updated successfully, but these errors were encountered: