aboutsummaryrefslogtreecommitdiff
path: root/crc32.c
diff options
context:
space:
mode:
authorMark Adler <madler@alumni.caltech.edu>2016-10-03 22:33:26 -0700
committerMark Adler <madler@alumni.caltech.edu>2016-10-03 22:33:26 -0700
commite08118c401d5434b7b3a57039263f4fa9b1f7d1a (patch)
treee6eb59901c81c7b67c17bb4732ed84d4d6727d49 /crc32.c
parentd1d577490c15a0c6862473d7576352a9f18ef811 (diff)
downloadzlib-e08118c401d5434b7b3a57039263f4fa9b1f7d1a.tar.gz
zlib-e08118c401d5434b7b3a57039263f4fa9b1f7d1a.tar.bz2
zlib-e08118c401d5434b7b3a57039263f4fa9b1f7d1a.zip
Note the violation of the strict aliasing rule in crc32.c.
See the comment for more details. This is in response to an issue raised as a result of a security audit of the zlib code by Trail of Bits and TrustInSoft, in support of the Mozilla Foundation.
Diffstat (limited to 'crc32.c')
-rw-r--r--crc32.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/crc32.c b/crc32.c
index 05733f4..d49f39c 100644
--- a/crc32.c
+++ b/crc32.c
@@ -237,6 +237,18 @@ unsigned long ZEXPORT crc32(crc, buf, len)
237 237
238#ifdef BYFOUR 238#ifdef BYFOUR
239 239
240/*
241 This BYFOUR code accesses the passed unsigned char * buffer with a 32-bit
242 integer pointer type. This violates the strict aliasing rule, where a
243 compiler can assume, for optimization purposes, that two pointers to
244 fundamentally different types won't ever point to the same memory. This can
245 manifest as a problem only if one of the pointers is written to. This code
246 only reads from those pointers. So long as this code remains isolated in
247 this compilation unit, there won't be a problem. For this reason, this code
248 should not be copied and pasted into a compilation unit in which other code
249 writes to the buffer that is passed to these routines.
250 */
251
240/* ========================================================================= */ 252/* ========================================================================= */
241#define DOLIT4 c ^= *buf4++; \ 253#define DOLIT4 c ^= *buf4++; \
242 c = crc_table[3][c & 0xff] ^ crc_table[2][(c >> 8) & 0xff] ^ \ 254 c = crc_table[3][c & 0xff] ^ crc_table[2][(c >> 8) & 0xff] ^ \