[LLVMbugs] [Bug 565] NEW: Corrupt bytecode file causes infinite loop allocating memory

bugzilla-daemon at cs.uiuc.edu bugzilla-daemon at cs.uiuc.edu
Thu May 12 11:46:10 PDT 2005


           Summary: Corrupt bytecode file causes infinite loop allocating
           Product: libraries
           Version: 1.4
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: critical
          Priority: P2
         Component: Support Libraries
        AssignedTo: rspencer at x10sys.com
        ReportedBy: sabre at nondot.org

This loop:

      // Decompress it
      int bzerr = BZ_OK;
      while (BZ_OK == (bzerr = BZ2_bzDecompress(&bzdata))) {
        if (0 != getdata_uns(bzdata.next_out, bzdata.avail_out,cb,context)) {
          throw std::string("Can't allocate output buffer");

Infinitely allocates memory if a bytecode file is truncated.  BZ2_bzDecompress
returns BZ_OK (saying 'give me more data') and we allocate more memory for it,
but don't give it any more data.  avail_in is zero.

This is a major problem.  BTW, the name 'getdata' to allocate memory should be
fixed.  Maybe 'grow_buffer' would be more appropriate?


------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

More information about the llvm-bugs mailing list