Bug 1351022 - bcrypt: "realloc invalid pointer" error for very small files
Summary: bcrypt: "realloc invalid pointer" error for very small files
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: bcrypt
Version: 24
Hardware: x86_64
OS: Linux
unspecified
urgent
Target Milestone: ---
Assignee: Gwyn Ciesla
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-06-29 05:12 UTC by Matthew Cline
Modified: 2016-07-20 04:49 UTC (History)
1 user (show)

Fixed In Version: bcrypt-1.1-14.fc24 bcrypt-1.1-14.fc22 bcrypt-1.1-14.fc23 bcrypt-1.1-14.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-07-05 04:56:43 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)
Output of valgrind on bcrypt (2.60 KB, text/plain)
2016-06-30 01:42 UTC, Matthew Cline
no flags Details
Patch to fix fencepost error (394 bytes, patch)
2016-06-30 20:01 UTC, Matthew Cline
no flags Details | Diff

Description Matthew Cline 2016-06-29 05:12:39 UTC
If I try to use bcrypt on very small files (like less than 70 bytes) I get this error:

*** Error in `/usr/bin/bcrypt': realloc(): invalid pointer: 0x0000000000606640 ***

Attempting to get a stacktrace with gdb doesn't work since the error apparently isn't a crash, and I don't know where to set a breakpoint.

This is different than bug 1348122 since it still happens even if the "-r" flag is given, but is similar in that an output file is still generated.

Comment 1 Gwyn Ciesla 2016-06-29 13:26:01 UTC
I was able to encrypt and decrypt files of various sizes without issue, down to 1 Byte, with or without -r.  Is there a non-sensitive file you can share with me that causes this issue?

Comment 2 Matthew Cline 2016-06-30 01:42:28 UTC
Created attachment 1174292 [details]
Output of valgrind on bcrypt

Ohhh, it seems that the problem is happening because I've set the environmental variable  MALLOC_CHECK_ to 1.  I forgot that I set that for checking my own programs; sorry.

Before I realized that, I downloaded and compiled from Sourceforge the bcrypt 1.1 source, and used valgrind on it.  I've attached the valgrind output.

Comment 3 Gwyn Ciesla 2016-06-30 18:25:46 UTC
Ah, ok, so we have non-fatal memory leaks.  I'm not entirely certain of the best method of tightening up the calls in wrapbf.c that are at fault, but I'll look at it.  If you come up with a working patch I'll test.

Comment 4 Matthew Cline 2016-06-30 20:01:36 UTC
Created attachment 1174731 [details]
Patch to fix fencepost error

It's not a memory leak, but rather bcrypt reading from and writing to memory that hasn't been allocated.  This is caused by a fencepost error in padInput() in rwfile.c, leading bcrypt to accessing a single byte of unallocated memory after the realloc()'d region that should have been included by realloc().  The attached patch fixes the problem, with both MALLOC_CHECK_ and valgrind showing that everything is working fine.

Comment 5 Gwyn Ciesla 2016-06-30 20:10:45 UTC
So it does, thanks!  I'll get this out to all branches ASAP.

Comment 6 Fedora Update System 2016-06-30 20:33:12 UTC
bcrypt-1.1-14.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2016-18ef7d9719

Comment 7 Fedora Update System 2016-06-30 20:33:18 UTC
bcrypt-1.1-14.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-be5192647e

Comment 8 Fedora Update System 2016-06-30 20:33:22 UTC
bcrypt-1.1-14.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-23f91effd7

Comment 9 Fedora Update System 2016-06-30 20:33:25 UTC
bcrypt-1.1-14.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-bd5ba01da3

Comment 10 Fedora Update System 2016-07-02 20:21:00 UTC
bcrypt-1.1-14.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-bd5ba01da3

Comment 11 Fedora Update System 2016-07-02 20:24:32 UTC
bcrypt-1.1-14.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-18ef7d9719

Comment 12 Fedora Update System 2016-07-02 20:30:52 UTC
bcrypt-1.1-14.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-be5192647e

Comment 13 Fedora Update System 2016-07-02 20:56:05 UTC
bcrypt-1.1-14.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-23f91effd7

Comment 14 Fedora Update System 2016-07-05 04:56:41 UTC
bcrypt-1.1-14.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 15 Fedora Update System 2016-07-12 02:21:27 UTC
bcrypt-1.1-14.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Comment 16 Fedora Update System 2016-07-12 02:25:25 UTC
bcrypt-1.1-14.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 17 Fedora Update System 2016-07-20 04:49:33 UTC
bcrypt-1.1-14.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.