- Fix uninitalized value use bug in opt parser

yoniko · yoniko · commit 0a759edb3fb3 · 2023-01-24T23:55:38.000-08:00
- Fix off by one bug in `ZSTD_cwksp_owns_buffer`
- Better handle MSAN for init once memory
- Allow to pass custom MOREFLAGS into msan-% targets in Makefile
diff --git a/Makefile b/Makefile
@@ -320,7 +320,7 @@ msan: clean
 	$(MAKE) test CC=clang MOREFLAGS="-g -fsanitize=memory -fno-omit-frame-pointer -Werror" HAVE_LZMA=0   # datagen.c fails this test for no obvious reason
 
 msan-%: clean
-	LDFLAGS=-fuse-ld=gold MOREFLAGS="-g -fno-sanitize-recover=all -fsanitize=memory -fno-omit-frame-pointer -Werror" FUZZER_FLAGS=--no-big-tests $(MAKE) -C $(TESTDIR) HAVE_LZMA=0 $*
+	LDFLAGS=-fuse-ld=gold MOREFLAGS="-g -fno-sanitize-recover=all -fsanitize=memory -fno-omit-frame-pointer -Werror ${MOREFLAGS}" FUZZER_FLAGS=--no-big-tests $(MAKE) -C $(TESTDIR) HAVE_LZMA=0 $*
 
 asan32: clean
 	$(MAKE) -C $(TESTDIR) test32 CC=clang MOREFLAGS="-g -fsanitize=address"
diff --git a/lib/compress/zstd_cwksp.h b/lib/compress/zstd_cwksp.h
@@ -180,6 +180,9 @@ MEM_STATIC void ZSTD_cwksp_assert_internal_consistency(ZSTD_cwksp* ws) {
     assert(ws->allocStart <= ws->workspaceEnd);
     assert(ws->initOnceStart <= ws->workspaceEnd);
     assert((size_t)ws->allocStart % ZSTD_CWKSP_ALIGNMENT_BYTES == 0);
+#if ZSTD_MEMORY_SANITIZER
+    assert(__msan_test_shadow(ws->initOnceStart, (U8*)ws->workspaceEnd - (U8*)ws->initOnceStart) == -1);
+#endif
 }
 
 /**
@@ -316,7 +319,7 @@ ZSTD_cwksp_internal_advance_phase(ZSTD_cwksp* ws, ZSTD_cwksp_alloc_phase_e phase
  */
 MEM_STATIC int ZSTD_cwksp_owns_buffer(const ZSTD_cwksp* ws, const void* ptr)
 {
-    return (ptr != NULL) && (ws->workspace <= ptr) && (ptr <= ws->workspaceEnd);
+    return (ptr != NULL) && (ws->workspace <= ptr) && (ptr < ws->workspaceEnd);
 }
 
 /**
@@ -369,9 +372,22 @@ MEM_STATIC void* ZSTD_cwksp_reserve_aligned_init_once(ZSTD_cwksp* ws, size_t byt
                                             ZSTD_cwksp_alloc_aligned_init_once);
     assert(((size_t)ptr & (ZSTD_CWKSP_ALIGNMENT_BYTES-1))== 0);
     if(ptr && ptr < ws->initOnceStart) {
+#if !(ZSTD_ADDRESS_SANITIZER && !defined(ZSTD_ASAN_DONT_POISON_WORKSPACE))
+        /* We will not memset when poisoning the workspace as we already unpoison the buffer
+         * and want to maintain poisoned memory after its location.
+         * It would have been better to memset even in these conditions, so the memset
+         * is better tested, but I'm not sure how to make it work correctly. */
         ZSTD_memset(ptr, 0, (U8*)ws->initOnceStart - (U8*)ptr);
+#elif ZSTD_MEMORY_SANITIZER
+        /* We couldn't memset, so we should at least unpoison the memory to
+         * reduce false alarms from msan */
+        __msan_unpoison(ptr, (U8*)ws->initOnceStart - (U8*)ptr);
+#endif
         ws->initOnceStart = ptr;
     }
+#if ZSTD_MEMORY_SANITIZER
+    assert(__msan_test_shadow(ptr, bytes) == -1);
+#endif
     return ptr;
 }
 
diff --git a/lib/compress/zstd_opt.c b/lib/compress/zstd_opt.c
@@ -1086,6 +1086,8 @@ ZSTD_compressBlock_opt_generic(ZSTD_matchState_t* ms,
     ZSTD_optimal_t lastSequence;
     ZSTD_optLdm_t optLdm;
 
+    ZSTD_memset(&lastSequence, 0, sizeof(ZSTD_optimal_t));
+
     optLdm.seqStore = ms->ldmSeqStore ? *ms->ldmSeqStore : kNullRawSeqStore;
     optLdm.endPosInBlock = optLdm.startPosInBlock = optLdm.offset = 0;
     ZSTD_opt_getNextMatchAndUpdateSeqStore(&optLdm, (U32)(ip-istart), (U32)(iend-ip));
