Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

zstd 1.5.4 crashes when trying to compress a file in a directory without write permissions #3523

Closed
botovq opened this issue Mar 3, 2023 · 0 comments
Closed

zstd 1.5.4 crashes when trying to compress a file in a directory without write permissions #3523

botovq opened this issue Mar 3, 2023 · 0 comments
Assignees
@felixhandte
Labels
bug

Comments

@botovq
Copy link

botovq commented Mar 3, 2023
edited
Loading

Describe the bug

Trying to compress a file in a directory without write permissions results in a segfault of zstd-1.5.4 on at least OpenBSD and Fedora 36.

To Reproduce

[tb@fedora zstd-1.5.4]$ ./zstd /etc/motd
zstd: /etc/motd.zst: Permission denied
Segmentation fault (core dumped)
[tb@fedora zstd-1.5.4]$

Expected behavior
zstd errors out instead of dumping core.

Desktop (please complete the following information):

  • OS: OpenBSD and Fedora
  • Version [e.g. 22] 7.2 and 36
  • Compiler [e.g. gcc] gcc
  • Flags [e.g. O2] defaults
  • Other relevant hardware specs [e.g. Dual-core] dual core
  • Build system [e.g. Makefile] gmake

Additional context

The problem is that setvbuf() is not NULL-safe. A possible fix is this:

--- programs/fileio.c.orig
+++ programs/fileio.c
@@ -644,6 +644,7 @@ FIO_openDstFile(FIO_ctx_t* fCtx, FIO_prefs_t* const pr
 #endif
         if (f == NULL) {
             DISPLAYLEVEL(1, "zstd: %s: %s\n", dstFileName, strerror(errno));
+            return NULL;
         }
         /* An increased buffer size can provide a significant performance boost on some platforms.
          * Note that providing a NULL buf with a size that's not 0 is not defined in ANSI C, but is defined

This avoids running into setvbuf(NULL, ...) a few lines later:

zstd/programs/fileio.c

Lines 645 to 657 in 1be9529

if (f == NULL) {
DISPLAYLEVEL(1, "zstd: %s: %s\n", dstFileName, strerror(errno));
}
/* An increased buffer size can provide a significant performance boost on some platforms.
* Note that providing a NULL buf with a size that's not 0 is not defined in ANSI C, but is defined
* in an extension. There are three possibilities here -
* 1. Libc supports the extended version and everything is good.
* 2. Libc ignores the size when buf is NULL, in which case everything will continue as if we didn't
* call `setvbuf`.
* 3. We fail the call and execution continues but a warning message might be shown.
* In all cases due execution continues. For now, I believe that this is a more cost-effective
* solution than managing the buffers allocations ourselves (will require an API change). */
if(setvbuf(f, NULL, _IOFBF, 1 MB))

@botovq botovq changed the title zstd 1.5.4 crashes when trying to compress a binary in a directory without write permissions zstd 1.5.4 crashes when trying to compress a file in a directory without write permissions Mar 3, 2023
@Cyan4973 Cyan4973 added the bug label Mar 3, 2023
@felixhandte felixhandte self-assigned this Mar 3, 2023
@felixhandte felixhandte mentioned this issue Mar 9, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@felixhandte felixhandte

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Cyan4973 @felixhandte @botovq