diff options
author | Mark Adler <madler@alumni.caltech.edu> | 2016-10-03 22:33:26 -0700 |
---|---|---|
committer | Mark Adler <madler@alumni.caltech.edu> | 2016-10-03 22:33:26 -0700 |
commit | e08118c401d5434b7b3a57039263f4fa9b1f7d1a (patch) | |
tree | e6eb59901c81c7b67c17bb4732ed84d4d6727d49 /crc32.c | |
parent | d1d577490c15a0c6862473d7576352a9f18ef811 (diff) | |
download | zlib-e08118c401d5434b7b3a57039263f4fa9b1f7d1a.tar.gz |
Note the violation of the strict aliasing rule in crc32.c.
See the comment for more details. This is in response to an issue
raised as a result of a security audit of the zlib code by Trail
of Bits and TrustInSoft, in support of the Mozilla Foundation.
Diffstat (limited to 'crc32.c')
-rw-r--r-- | crc32.c | 12 |
1 files changed, 12 insertions, 0 deletions
@@ -237,6 +237,18 @@ unsigned long ZEXPORT crc32(crc, buf, len) #ifdef BYFOUR +/* + This BYFOUR code accesses the passed unsigned char * buffer with a 32-bit + integer pointer type. This violates the strict aliasing rule, where a + compiler can assume, for optimization purposes, that two pointers to + fundamentally different types won't ever point to the same memory. This can + manifest as a problem only if one of the pointers is written to. This code + only reads from those pointers. So long as this code remains isolated in + this compilation unit, there won't be a problem. For this reason, this code + should not be copied and pasted into a compilation unit in which other code + writes to the buffer that is passed to these routines. + */ + /* ========================================================================= */ #define DOLIT4 c ^= *buf4++; \ c = crc_table[3][c & 0xff] ^ crc_table[2][(c >> 8) & 0xff] ^ \ |