From 9f1a6d6f9a258886933a22239a5b81af34b28199 Mon Sep 17 00:00:00 2001 From: Lasse Collin Date: Wed, 15 May 2024 23:14:17 +0300 Subject: [PATCH] Build: Temporarily disable CRC CLMUL to silence OSS Fuzz The code makes aligned 16-byte reads which may read up to 15 bytes before the beginning or past the end of the buffer if the buffer is misaligned. The unneeded bytes are then ignored. It cannot cross page boundaries and thus cannot cause access violations. This inherently trips address sanitizer which was already disabled with __attribute__((__no_sanitize_address__)). However, it also trips memory sanitizer if the extra bytes are uninitialized because memory sanitizer doesn't see that those bytes then get ignored by byte shuffling in the xmm registers. The plan is to change the code so that all sanitizers pass but it's not finished yet (performance shouldn't get worse) so as a temporary measure to keep OSS Fuzz happy, the CLMUL CRC is now disabled even though I think think the code is fine to use (and easy enough to review the memory accesses in it too). --- configure.ac | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 2e3320f0..57831048 100644 --- a/configure.ac +++ b/configure.ac @@ -373,10 +373,12 @@ AM_CONDITIONAL(COND_ASM_X86, test "x$enable_assembler" = xx86) # CLMUL CRC # ############# +# FIXME: Turn it back on by default once the code has been revised +# to not cause false alarms in sanitizers and thus in OSS Fuzz. AC_ARG_ENABLE([clmul-crc], AS_HELP_STRING([--disable-clmul-crc], [Do not use carryless multiplication for CRC calculation even if support for it is detected.]), - [], [enable_clmul_crc=yes]) + [], [enable_clmul_crc=no]) ############################
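Review bot: The help string still documents `--disable-clmul-crc` ("Do not use carryless multiplication ...") while the changed last line makes `enable_clmul_crc=no` the default, so `./configure --help` now contradicts the actual default and no longer tells anyone how to opt back in. Since AS_HELP_STRING only produces the description, it could be flipped to match the temporary default, e.g. `AS_HELP_STRING([--enable-clmul-crc], [Use carryless multiplication for CRC calculation if support for it is detected (currently off by default pending a sanitizer-clean revision).])`. The added FIXME would also serve the next maintainer better if it named the cause given in the commit message rather than just "false alarms", e.g. `# FIXME: The CLMUL code does aligned 16-byte loads that may touch up to 15 bytes outside the buffer (ignored, never crossing a page); MemorySanitizer cannot see that they are discarded, so it is off by default until the code is revised.`. Building with `--enable-clmul-crc` presumably still selects the code path, so documenting that explicitly here is what makes the opt-in discoverable.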