[Bug 1946731] Re: Uninitialised variable in 1.3.3 causes failure to decompress file
Gianfranco Costamagna
1946731 at bugs.launchpad.net
Thu Jul 6 05:57:51 UTC 2023
This looks fixed with newer releases, and 18.04 is EOL (except for ESM
support)
** Changed in: libzstd (Ubuntu)
Status: Incomplete => Fix Released
https://bugs.launchpad.net/bugs/1946731
Title:
Uninitialised variable in 1.3.3 causes failure to decompress file
Status in libzstd package in Ubuntu:
Fix Released
Bug description:
Release of Ubuntu: Ubuntu 18.04.5 LTS
Architecture: aarch64
Package version of libzstd-dev: 1.3.3+dfsg-2ubuntu1.2
Ubuntu 18 has libzstd 1.3.3 which doesn't initialise the variable
"legacyVersion" before use. You can see in the function
ZSTD_decompressStream() that it is accessed in "if
(zds->legacyVersion) {" but it is not cleared until
"ZSTD_resetDStream(zds);" is called in "case zdss_init:".
In 1.3.4 you can see that the legacy support block has been moved into
"case zdss_loadHeader" which comes _after_ the initialisation has
happened in "case zdss_init". I believe there is no upstream issue in
libzstd to track this, but it was fixed as part of a commit to fix
some of their own unit test failures.
This issue causes a failure for readelf to open zstd compressed elf
files (at least on aarch64, although because it's uninitialised, the
behaviour may be random). Also any other application that uses
ZSTD_createDCtx() followed by ZSTD_decompressStream() is vulnerable.
A reproducer on Ubuntu 18.04.5 LTS aarch64 is:
$ git clone git://sourceware.org/git/elfutils.git && cd elfutils
$ ./configure --enable-maintainer-mode --disable-debuginfod
$ make && make check
Results in the zstd test failing:
FAIL: run-readelf-compressed-zstd.sh
The resulting readelf binary fails to open any compressed file:
$ cd elfutils/tests
$ zstd hello_i386.ko
$ export LD_LIBRARY_PATH=~/elfutils/libdw:~/elfutils/backends:~/elfutils/libelf:~/elfutils/libasm
$ ~/elfutils/src/readelf -z -a hello_i386.ko.zst
readelf: cannot read ELF: invalid `Elf' handle
After updating the library or forcing the variable to be initialised,
the same readelf command results in printing the correct elf output.
On Debian 10, version 1.3.8 of the library is available and this issue
doesn't happen. But technically only 1.3.4 is needed.
Thanks
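As an added illustration (not libzstd's code and not part of the report): a toy C model of the ordering bug described above. The struct, the function names prefixed model_, and the stale value written by model_createDCtx() are constructed assumptions; the model shows why a context straight from the create call takes the legacy branch under the 1.3.3 ordering but not under the 1.3.4 ordering, and why clearing the field before the first decompress call works around it.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of the streaming decoder state; only the two fields
 * relevant to the report are represented. This is NOT libzstd code. */
enum stage { zdss_init = 0, zdss_loadHeader = 1 };
enum { RC_OK = 0, RC_LEGACY_PATH = -1, RC_ALLOC = -99 };

typedef struct {
    int stage;
    int legacyVersion;   /* the field 1.3.3 leaves uninitialised */
} ModelDStream;

/* Model of ZSTD_createDCtx(): sets the stage but never touches
 * legacyVersion. A constructed stale value stands in for whatever the
 * allocator left behind, so the outcome is deterministic here. */
ModelDStream *model_createDCtx(void) {
    ModelDStream *zds = malloc(sizeof *zds);
    if (!zds) return NULL;
    zds->stage = zdss_init;
    zds->legacyVersion = 0x5a5a5a5a;  /* simulated uninitialised memory */
    return zds;
}

/* Model of ZSTD_resetDStream(): the one place the field gets cleared. */
void model_resetDStream(ModelDStream *zds) {
    zds->legacyVersion = 0;
    zds->stage = zdss_loadHeader;
}

/* 1.3.3 ordering: the legacy check runs before the zdss_init case. */
int model_decompressStream_133(ModelDStream *zds) {
    if (zds->legacyVersion) return RC_LEGACY_PATH;  /* reads stale data */
    if (zds->stage == zdss_init) model_resetDStream(zds);
    return RC_OK;
}

/* 1.3.4 ordering: init first, legacy check inside zdss_loadHeader. */
int model_decompressStream_134(ModelDStream *zds) {
    if (zds->stage == zdss_init) model_resetDStream(zds);
    if (zds->legacyVersion) return RC_LEGACY_PATH;   /* now always 0 */
    return RC_OK;
}

/* Run one fresh context through a decoder model, optionally resetting
 * first (the "force the variable to be initialised" workaround). */
int run_fresh(int (*decoder)(ModelDStream *), int reset_first) {
    ModelDStream *zds = model_createDCtx();
    if (!zds) return RC_ALLOC;
    if (reset_first) model_resetDStream(zds);
    int rc = decoder(zds);
    free(zds);
    return rc;
}
```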