Buffer overflow in test_crypto_aes_iv
This is a test-only bug that is rather unlikely to affect anything. But still a bug.
src/test/test_crypto.c:733:
test_memneq(plain, decrypted2, encrypted_size);
Here, encrypted_size can be larger than 4095 (the size of "plain" buffer).
ERROR: AddressSanitizer: heap-buffer-overflow on address 0x621000031cff at pc 0x7fcfb8d1e3e6 bp 0x7fffc71385f0 sp 0x7fffc71385c0 READ of size 4111 at 0x621000031cff thread T0 #0 0x7fcfb8d1e3e5 in interceptor_memcmp /code/llvm/build/../projects/compiler-rt/lib/asan/asan_interceptors.cc:282 #1 0x7fcfb8fb60af in test_crypto_aes_iv src/test/test_crypto.c:733 #2 (closed) 0x7fcfb925ab5c in testcase_run_bare src/ext/tinytest.c:89 #3 (closed) 0x7fcfb9259e82 in testcase_run_forked src/ext/tinytest.c:168 #4 (closed) 0x7fcfb92594bd in testcase_run_one src/ext/tinytest.c:222 #5 (closed) 0x7fcfb925d903 in tinytest_main src/ext/tinytest.c:347 #6 (closed) 0x7fcfb8d32b92 in main src/test/test.c:2118
0x621000031cff is located 0 bytes to the right of 4095-byte region [0x621000030d00,0x621000031cff) allocated by thread T0 here: #0 0x7fcfb8d21df2 in interceptor_malloc /code/llvm/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cc:74 #1 0x7fcfb9ac3109 in tor_malloc src/common/util.c:143 #2 (closed) 0x7fcfb8fb1ec2 in test_crypto_aes_iv src/test/test_crypto.c:690 #3 (closed) 0x7fcfb925ab5c in testcase_run_bare src/ext/tinytest.c:89 #4 (closed) 0x7fcfb9259e82 in testcase_run_forked_ src/ext/tinytest.c:168 #5 (closed) 0x7fcfb92594bd in testcase_run_one src/ext/tinytest.c:222 #6 (closed) 0x7fcfb925d903 in tinytest_main src/ext/tinytest.c:347 #7 (closed) 0x7fcfb8d32b92 in main src/test/test.c:2118
Trac:
Username: eugenis