github_mirrors/vectorscan
3
0
Fork 1
mirror of https://github.com/VectorCamp/vectorscan.git synced 2025-06-28 16:41:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fixed out of bounds read in AVX512VBMI version of fdr_exec_fat_teddy (#322)

Browse Source 
* Replaced the 32 byte read with a properly truncated mapped read
  * Added a unit test
This commit is contained in:
Rafał Dowgird 2024-12-23 15:01:10 +01:00 committed by dowgird
parent 7e0503c3b8
commit d2ebbe4780
2 changed files with 26 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/fdr/teddy_fat.cpp
View File

@ -283,7 +283,7 @@ hwlm_error_t fdr_exec_fat_teddy_512vbmi_templ(const struct FDR *fdr,
if (likely(ptr + loopBytes <= buf_end)) {
u64a k0 = FAT_TEDDY_VBMI_CONF_MASK_HEAD;
m512 p_mask0 = set_mask_m512(~((k0 << 32) | k0));
m512 r_0 = prep_conf_fat_teddy_512vbmi_templ<NMSK>(&lo_mask, dup_mask, sl_msk, set2x256(loadu256(ptr)));
m512 r_0 = prep_conf_fat_teddy_512vbmi_templ<NMSK>(&lo_mask, dup_mask, sl_msk, set2x256(loadu_maskz_m256(k0, ptr)));
r_0 = or512(r_0, p_mask0);
CONFIRM_FAT_TEDDY_512(r_0, 16, 0, VECTORING, ptr);

26
unit/hyperscan/single.cpp
View File

@ -34,7 +34,7 @@
#include <string>
#include <tuple>
#include <sys/mman.h>
using namespace std;
using namespace testing;
@ -631,5 +631,29 @@ const TerminateMatchData terminateCases[] = {
INSTANTIATE_TEST_CASE_P(Single, HyperscanTestMatchTerminate, ValuesIn(terminateCases));
TEST(OutOfBoundRead, mmap) {
const char* pattern = "bat|cat|mat|rat|fat|sat|pat|hat|vat";
const char* corpus = "VAt hat pat sat fat rat mat ca";
// Use mmap to reliably get corpus at the and of mapped memory region
size_t buffer_len = (128<<20);
char* buffer = (char*) mmap(NULL, buffer_len * 2, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
munmap(buffer+buffer_len, buffer_len);
char* mmaped_corpus = strcpy(buffer + buffer_len - strlen(corpus) - 1, corpus);
hs_error_t err;
hs_scratch_t *scratch = nullptr;
hs_database_t *db = buildDBAndScratch(pattern, HS_FLAG_CASELESS, 0, HS_MODE_BLOCK, &scratch);
int count = 0;
err = hs_scan(db, mmaped_corpus, strlen(mmaped_corpus), 0, scratch, countHandler, &count);
ASSERT_EQ(HS_SUCCESS, err) << "hs_scan didn't return HS_SCAN_TERMINATED";
err = hs_free_scratch(scratch);
ASSERT_EQ(HS_SUCCESS, err);
hs_free_database(db);
munmap(buffer, buffer_len);
}
} // namespace