[LLVMbugs] [Bug 565] NEW: Corrupt bytecode file causes infinite loop allocating memory
bugzilla-daemon at cs.uiuc.edu
Thu May 12 11:46:10 PDT 2005
http://llvm.cs.uiuc.edu/bugs/show_bug.cgi?id=565
Summary: Corrupt bytecode file causes infinite loop allocating memory
Product: libraries
Version: 1.4
Platform: All
OS/Version: All
Status: NEW
Severity: critical
Priority: P2
Component: Support Libraries
AssignedTo: rspencer at x10sys.com
ReportedBy: sabre at nondot.org
This loop:

    // Decompress it
    int bzerr = BZ_OK;
    while (BZ_OK == (bzerr = BZ2_bzDecompress(&bzdata))) {
      if (0 != getdata_uns(bzdata.next_out, bzdata.avail_out,cb,context)) {
        BZ2_bzDecompressEnd(&bzdata);
        throw std::string("Can't allocate output buffer");
      }
    }

Infinitely allocates memory if a bytecode file is truncated. BZ2_bzDecompress
returns BZ_OK (saying 'give me more data') and we allocate more memory for it,
but don't give it any more data. avail_in is zero.
This is a major problem. BTW, the name 'getdata' to allocate memory should be
fixed. Maybe 'grow_buffer' would be more appropriate?
-Chris
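
Added example, not part of the original report and not LLVM's code: a decompression loop that grows the output buffer only when it is actually full, and treats "OK, output space left, avail_in is zero" as a truncated stream. It goes beyond the report by also capping total output. Stream, Status, Step, toy_step, decode_all, outcome and max_out are hypothetical names; toy_step is a constructed stand-in for BZ2_bzDecompress, assumed to stop only when input runs out or the output buffer fills.

```cpp
#include <algorithm>
#include <cstddef>
#include <stdexcept>
#include <string>
#include <vector>

// Stand-ins (assumptions) for the bz_stream fields and return codes the loop uses.
struct Stream {
    const char *next_in; unsigned avail_in;
    char *next_out; unsigned avail_out;
};
enum Status { kOk, kStreamEnd };
typedef Status (*Step)(Stream &);  // plays the role of BZ2_bzDecompress

// Constructed toy decoder: copies bytes until the '.' end-of-stream marker.
Status toy_step(Stream &s) {
    while (s.avail_in && s.avail_out) {
        char c = *s.next_in++; --s.avail_in;
        if (c == '.') return kStreamEnd;
        *s.next_out++ = c; --s.avail_out;
    }
    return kOk;  // stopped: input exhausted or output full
}

std::string decode_all(const std::string &in, Step step, std::size_t max_out) {
    std::vector<char> out(std::min<std::size_t>(4, max_out));
    Stream s = {in.data(), (unsigned)in.size(), out.data(), (unsigned)out.size()};
    for (;;) {
        Status rc = step(s);
        std::size_t used = out.size() - s.avail_out;
        if (rc == kStreamEnd) return std::string(out.data(), used);
        if (s.avail_out != 0) {
            // Output space is left, so the decoder stopped for lack of input.
            if (s.avail_in == 0) throw std::runtime_error("truncated stream");
            continue;  // input and room both remain: call the decoder again
        }
        // Output is full: grow, but never past the caller's cap.
        if (out.size() >= max_out) throw std::runtime_error("output exceeds cap");
        out.resize(std::min(out.size() * 2, max_out));
        s.next_out = out.data() + used;  // resize may have moved the buffer
        s.avail_out = (unsigned)(out.size() - used);
    }
}

// Returns the decoded text, or "error: <reason>" for a rejected stream.
std::string outcome(const std::string &in, std::size_t max_out) {
    try { return decode_all(in, toy_step, max_out); }
    catch (const std::runtime_error &e) { return std::string("error: ") + e.what(); }
}
```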