Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bam,sam: fix zero and negativish value handling #110

Merged
merged 2 commits into from
Oct 17, 2017
Merged

bam,sam: fix zero and negativish value handling #110

merged 2 commits into from
Oct 17, 2017

Conversation

kortschak
Copy link
Member

@brentp Please take a look.

@kortschak
Copy link
Member Author

I am leaving the fuzzer running on the fixed code.

brentp
brentp approved these changes Oct 13, 2017
View reviewed changes
Copy link
Contributor

@brentp brentp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kortschak
bam: fix short read handling
d0dadd4 
Identified by go-fuzz.
@kortschak
Copy link
Member Author

Found a couple more that can be protected against. There are more, but they appear to be just massive over allocation that only cause a problem in a low memory environment. I'll make a new issue for those.

PTAL

brentp
brentp reviewed Oct 16, 2017
View reviewed changes
bam/reader.go
if b.len() < n {
b.err = io.ErrUnexpectedEOF
return nil
}
s := b.off
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

wouldn't it be better to check that b.len() < n + b.off ?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

b.len() is the number of remaining bytes in the buffer (see here).

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah. right.

brentp
brentp approved these changes Oct 16, 2017
View reviewed changes
Copy link
Contributor

@brentp brentp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kortschak
Copy link
Member Author

I'm going to merge this though it does not fix all crashers. The remaining crashers seem to be only occurring when go-fuzz is running with multiple slaves, thus allowing memory exhaustion by concerted effort. I'm still not happy with the fact that small inputs can cause this, but it's reasonable I guess. I'll follow those at #111, and I'm continuing to run go-fuzz on the current state with a single slave to flush out any other cases here.

@kortschak kortschak merged commit 8ce58c7 into master Oct 17, 2017
@kortschak kortschak deleted the fuzzed branch October 17, 2017 01:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brentp brentp brentp approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kortschak @brentp