Open
Bug 1251258
Opened 8 years ago
Updated 2 years ago
Out-of-bounds access (ARRAY_VS_SINGLETON) in chacha20_vec.c
Categories
(NSS :: Libraries, defect, P3)
NSS
Libraries
Tracking
(firefox47 affected)
NEW
| Tracking | Status | |
|---|---|---|
| firefox47 | --- | affected |
People
(Reporter: franziskus, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: coverity, Whiteboard: CID 1354247, CID 1354248, CID 1354249, CID 1354250, CID 1354251, CID 1354252, CID 1354253, CID 1354254, CID 1354255, CID 1354256, CID 1354257, CID 1354258)
Coverity reports multiple Out-of-bounds access (ARRAY_VS_SINGLETON) bugs in chacha20_vec.c. This covers CIDs 1354247 - 1354258
For example the following snippet:
> vec v0,v1,v2,v3,v4,v5,v6,v7;
> ...
> WRITE_XOR(ip, op, 0, v0+s0, v1+s1, v2+s2, v3+s3)
WRITE_XOR obtains pointers to arrays here and thus might perform out-of-bound access.
While coverity is right, I don't think this is actually a problem and due to optimisation. This bug is to get some eyes on the code. If no one thinks this is dangerous, we can probably safely ignore those coverity bugs.
|
||
Comment 1•7 years ago
|
||
This will likely be fixed when we land HACL*'s vectorized ChaCha20 code. (There isn't a bug for that yet.)
Priority: -- → P3
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•