Suppress warning of uninitialized value in fuzz-crypto #3946

Merged
merged 1 commit into from
May 7, 2024

sauwming
Member

@sauwming sauwming commented May 6, 2024

==211664==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x5a0bf6b3d930 in encode_base64_differential [pjsip/tests/fuzz/fuzz-crypto.c:63](https://github.com/pjsip/pjproject/blob/f38d781a82a2b51b51a9996d4d76bdd8e69304d4/tests/fuzz/fuzz-crypto.c#L63):18

Uninitialized value was created by an allocation of 'ssl_output' in the stack frame
    #0 0x5a0bf6b3d70b in encode_base64_differential [pjsip/tests/fuzz/fuzz-crypto.c:48](https://github.com/pjsip/pjproject/blob/f38d781a82a2b51b51a9996d4d76bdd8e69304d4/tests/fuzz/fuzz-crypto.c#L48):5

Note that I am unable to reproduce it locally and I believe the issue should not happen if the test data is within the minimum and maximum size.

But for robustness, it's better to initialize ssl_output and check the return value of BIO_get_mem_data().

BIO_get_mem_data() returns the total number of bytes available on success, 0 if b is NULL, or a negative value in case of other errors.

@sauwming sauwming self-assigned this May 6, 2024
@sauwming sauwming added this to the release-2.15 milestone May 6, 2024
@sauwming sauwming merged commit f406002 into master May 7, 2024
29 of 36 checks passed
@sauwming sauwming deleted the fuzz-crypto branch May 7, 2024 00:02
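
The guard described in the pull request above (initialise the output pointer, then check the returned length before using it), as an added C example that is not the pjproject code. `mem_sink`, `sink_get_data` and `diff_check` are hypothetical stand-ins; `sink_get_data` mimics the return contract quoted for `BIO_get_mem_data()` so the block builds without OpenSSL, and its leaving the pointer unwritten on failure is an assumption.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for an OpenSSL memory BIO (no libcrypto needed). */
typedef struct { char *data; long len; int broken; } mem_sink;

/* Mimics the contract quoted above for BIO_get_mem_data(): bytes available
 * on success, 0 if the sink is NULL, negative on other errors.
 * Assumption: on failure *out is left unwritten. */
static long sink_get_data(mem_sink *s, char **out)
{
    if (s == NULL) return 0;
    if (s->broken) return -1;
    *out = s->data;
    return s->len;
}

enum { DIFF_MATCH = 0, DIFF_MISMATCH = 1, DIFF_REF_FAILED = 2 };

/* Differential check: compare our encoder's output with the reference's. */
static int diff_check(const char *mine, size_t mine_len, mem_sink *ref)
{
    char *ref_out = NULL;   /* initialised, so a failed call never leaves stack garbage */
    long ref_len = sink_get_data(ref, &ref_out);

    /* Reject 0 and negative results before ref_out is ever read. */
    if (ref_len <= 0 || ref_out == NULL)
        return DIFF_REF_FAILED;
    if ((size_t)ref_len != mine_len)
        return DIFF_MISMATCH;
    return memcmp(mine, ref_out, mine_len) == 0 ? DIFF_MATCH : DIFF_MISMATCH;
}

int main(void)
{
    char enc[] = "aGVsbG8=";   /* constructed sample: base64 of "hello" */
    mem_sink ok = { enc, 8, 0 }, bad = { NULL, 0, 1 };
    return !(diff_check("aGVsbG8=", 8, &ok) == DIFF_MATCH &&
             diff_check("aGVsbG8=", 8, &bad) == DIFF_REF_FAILED &&
             diff_check("aGVsbG8=", 8, NULL) == DIFF_REF_FAILED);
}
```

Treating a zero length as a reference failure assumes the harness never feeds an input whose valid encoding is empty.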
dshamaev-intermedia added a commit to intermedia-net/pjproject that referenced this pull request Jun 12, 2024
* Add missing openssl SECLEVEL=0 support (pjsip#3890)

Previous SECLEVEL support allowed for levels 1-5.
However, openssl defines levels 0-5. [1]

Recent openssl versions (3.0+) have moved previous
popular ciphers/key lengths (i.e. RSA1024withSHA1)
into level 0, so it is now a reasonable choice to use.

Add support for level 0.

[1] https://www.openssl.org/docs/man3.2/man3/SSL_CTX_set_security_level.html

* Enable Late Offer Answer Mode (LOAM) feature in the pjsua (pjsip#3869)

* Fix warnings for 32-bit compiler and misc fixes. (pjsip#3896)

* Add some missing unlocks (pjsip#3893)

* Prevent race condition in DTLS media stop (pjsip#3901)

* Fix data race reported by ThreadSanitizer in caching pool (pjsip#3897)

* Fixed Metal renderer memory leak (pjsip#3909)

* Fixed DTLS clock stoppage race (pjsip#3905)

* Improve IP address change IPv4 <-> IPv6 (pjsip#3910)

* pjsua_acc: Fix warnings for comparison between ‘pjsua_nat64_opt’ and ‘enum pjsua_ipv6_use’ (pjsip#3915)

* Fix to ext_fmts accessed out of stack scope. (pjsip#3916)

* Add check in siprtp sample app for inactive audio media (pjsip#3927)

* Add function to initialize MediaFormat audio & video (pjsip#3925)

* Fixed incorrect SDP buffer length calculation (pjsip#3924)

* Support Push Notification in iOS sample app (pjsip#3913)

* Fixed PJSUA2 API to get/set Opus config (pjsip#3935)

* Fix bad address length check in pj_ioqueue_sendto(). (pjsip#3941)

* Fix warning of uninitialized value in fuzz-crypto (pjsip#3946)

* Print log on successful send (pjsip#3942)

* Fixed CI Mac build failure (pjsip#3947)

* Update Android JNI audio dev to use 16bit PCM only (pjsip#3945)

* Add TLS/SSL backend: Windows Schannel (pjsip#3867)

* pjsip_find_msg: Log warning if Content-Length field not found (pjsip#3960)

* Fix audiodev index (pjsip#3962)

* Fix assertion on call hangup from DTMF callback (pjsip#3970)

* Fix yaml error in github feature template (pjsip#3972)

* Fix version string in Python setup (pjsip#3976)

* Prevent pjmedia_codec_param.info.enc_ptime_denum division by zero in stream (pjsip#3975)

---------

Co-authored-by: naf <[email protected]>
Co-authored-by: Goodicus <[email protected]>
Co-authored-by: Amilcar Ubiera <[email protected]>
Co-authored-by: Santiago De la Cruz <[email protected]>
Co-authored-by: sauwming <[email protected]>
Co-authored-by: Nanang Izzuddin <[email protected]>
Co-authored-by: dshamaev-intermedia <[email protected]>
Co-authored-by: CI Bot <[email protected]>
Co-authored-by: Pau Espin Pedrol <[email protected]>
Co-authored-by: Riza Sulistyo <[email protected]>
Co-authored-by: Andreas Peldszus <[email protected]>