🔒 Fix uninitialized memory exposure via set_len#422
Conversation
This commit addresses a security vulnerability where `Vec::set_len` was used to "initialize" buffers before data was actually written to them. This pattern can expose uninitialized memory if a panic occurs during the subsequent write operations, as safe code (like `Drop` implementations) could observe the uninitialized data. The fix involves: - Using `Vec::spare_capacity_mut()` to obtain a slice of `MaybeUninit<u8>` for compression/decompression operations. - Deferring the `Vec::set_len()` call until after the operation has successfully completed. - Ensuring buffers are `clear()`ed before use to maintain consistent state. - Replacing unsafe `set_len` with safe `resize(..., 0)` for internal buffers that require initialization. Affected areas: - `src/stream.rs`: `DeflateEncoder::flush_buffer` - `src/compress/mod.rs`: Parallel compression for large inputs and `dp_path` buffer. - `src/batch.rs`: `BatchDecompressor::decompress_batch`
|
👋 Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task. |
This commit fixes a security vulnerability where `Vec::set_len` was used to expose uninitialized memory during compression/decompression, and resolves a CI failure caused by Adler-32 checksum overflows. Security Fixes: - Replaced premature `Vec::set_len` with `spare_capacity_mut()` in `DeflateEncoder` (streaming), `Compressor` (parallel), and `BatchDecompressor`. - Length is now updated only after data has been successfully written. - Replaced unsafe `set_len` with safe `resize` for the `dp_path` internal buffer. Adler-32 Fixes: - Reduced `BLOCK_SIZE` and `MAX_CHUNK_LEN` to 4032 to prevent `u32` accumulator overflows in SIMD paths. - Fixed mathematical errors in scalar tail processing and intermediate accumulations. - Ensured proper `DIVISOR` modulo operations are applied consistently across all architecture-specific implementations (SSE2, AVX2, AVX-512, NEON, DotProd). - Unified output formatting to `(s2 % DIVISOR) << 16 | (s1 % DIVISOR)`. Verified with targeted tests in the sandbox.
404Setup
deleted the
fix-uninit-memory-exposure-set-len-17664139827161903239
branch
1 participant
🎯 What: Fixed security vulnerability where
Vec::set_lenexposed uninitialized memory.set_lenbut before data was written, safe code could observe uninitialized memory, potentially leaking sensitive information or causing undefined behavior inDropimplementations.🛡️ Solution: Replaced premature
set_lenwithspare_capacity_mut()and deferred length updates. Usedresizefor internal buffers to ensure safe initialization. Addedclear()calls to ensure proper buffer reuse safety.PR created automatically by Jules for task 17664139827161903239 started by @404Setup