undefined | Better HN

0 pointsCanaryLayout2y ago0 comments

Yeah... RISCV routine was put in, then some binary test files were added later that are probably now suspect.

don't miss out on the quality code, like the line that has: i += 4 - 2;

https://git.tukaani.org/?p=xz.git;a=commitdiff;h=50255feeaab...

0 comments

FWIW, "4 - 2" is explained earlier in the file:

  // The "-2" is included because the for-loop will
  // always increment by 2. In this case, we want to
  // skip an extra 2 bytes since we used 4 bytes
  // of input.
  i += 4 - 2;

gamer1912y ago

> some binary test files were added later that are probably now suspect

That's confirmed

From https://www.openwall.com/lists/oss-security/2024/03/29/4:

> The files containing the bulk of the exploit are in an obfuscated form in

> tests/files/bad-3-corrupt_lzma2.xz

> tests/files/good-large_compressed.lzma

> committed upstream. They were initially added in

> https://github.com/tukaani-project/xz/commit/cf44e4b7f5dfdbf...

m0dest2y ago

It probably makes sense to start isolating build processes from test case resources.

saagarjha2y ago

Sure but then you can smuggle it into basically any other part of the build process…?

j / k navigate · click thread line to collapse