Note the violation of the strict aliasing rule in crc32.c.

See the comment for more details. This is in response to an issue raised as a result of a security audit of the zlib code by Trail of Bits and TrustInSoft, in support of the Mozilla Foundation.
author: Mark Adler <madler@alumni.caltech.edu> 2016-10-03 22:33:26 -0700
committer: Mark Adler <madler@alumni.caltech.edu> 2016-10-03 22:33:26 -0700
commit: e08118c401d5434b7b3a57039263f4fa9b1f7d1a (patch)
tree: e6eb59901c81c7b67c17bb4732ed84d4d6727d49 /crc32.c
parent: d1d577490c15a0c6862473d7576352a9f18ef811 (diff)
download: zlib-e08118c401d5434b7b3a57039263f4fa9b1f7d1a.tar.gz
zlib-e08118c401d5434b7b3a57039263f4fa9b1f7d1a.tar.bz2
zlib-e08118c401d5434b7b3a57039263f4fa9b1f7d1a.zip
1 files changed, 12 insertions, 0 deletions
diff --git a/crc32.c b/crc32.c
index 05733f4..d49f39c 100644
--- a/crc32.c
+++ b/crc32.c
@@ -237,6 +237,18 @@ unsigned long ZEXPORT crc32(crc, buf, len)
 #ifdef BYFOUR
+/*
+   This BYFOUR code accesses the passed unsigned char * buffer with a 32-bit
+   integer pointer type. This violates the strict aliasing rule, where a
+   compiler can assume, for optimization purposes, that two pointers to
+   fundamentally different types won't ever point to the same memory. This can
+   manifest as a problem only if one of the pointers is written to. This code
+   only reads from those pointers. So long as this code remains isolated in
+   this compilation unit, there won't be a problem. For this reason, this code
+   should not be copied and pasted into a compilation unit in which other code
+   writes to the buffer that is passed to these routines.
+ */
 /* ========================================================================= */
 #define DOLIT4 c ^= *buf4++; \
        c = crc_table[3][c & 0xff] ^ crc_table[2][(c >> 8) & 0xff] ^ \
author	Mark Adler <madler@alumni.caltech.edu>	2016-10-03 22:33:26 -0700
committer	Mark Adler <madler@alumni.caltech.edu>	2016-10-03 22:33:26 -0700
commit	e08118c401d5434b7b3a57039263f4fa9b1f7d1a (patch)
tree	e6eb59901c81c7b67c17bb4732ed84d4d6727d49 /crc32.c
parent	d1d577490c15a0c6862473d7576352a9f18ef811 (diff)
download	zlib-e08118c401d5434b7b3a57039263f4fa9b1f7d1a.tar.gz zlib-e08118c401d5434b7b3a57039263f4fa9b1f7d1a.tar.bz2 zlib-e08118c401d5434b7b3a57039263f4fa9b1f7d1a.zip

diff --git a/crc32.c b/crc32.c index 05733f4..d49f39c 100644 --- a/crc32.c +++ b/crc32.c
@@ -237,6 +237,18 @@ unsigned long ZEXPORT crc32(crc, buf, len)
237		237
238	#ifdef BYFOUR	238	#ifdef BYFOUR
239		239
		240	/*
		241	This BYFOUR code accesses the passed unsigned char * buffer with a 32-bit
		242	integer pointer type. This violates the strict aliasing rule, where a
		243	compiler can assume, for optimization purposes, that two pointers to
		244	fundamentally different types won't ever point to the same memory. This can
		245	manifest as a problem only if one of the pointers is written to. This code
		246	only reads from those pointers. So long as this code remains isolated in
		247	this compilation unit, there won't be a problem. For this reason, this code
		248	should not be copied and pasted into a compilation unit in which other code
		249	writes to the buffer that is passed to these routines.
		250	*/
		251
240	/* ========================================================================= */	252	/* ========================================================================= */
241	#define DOLIT4 c ^= *buf4++; \	253	#define DOLIT4 c ^= *buf4++; \
242	c = crc_table[3][c & 0xff] ^ crc_table[2][(c >> 8) & 0xff] ^ \	254	c = crc_table[3][c & 0xff] ^ crc_table[2][(c >> 8) & 0xff] ^ \