Open
Bug 1251258
Opened 9 years ago
Updated 2 years ago
Out-of-bounds access (ARRAY_VS_SINGLETON) in chacha20_vec.c
Categories
(NSS :: Libraries, defect, P3)
NSS
Libraries
Tracking
(firefox47 affected)
NEW
Tracking | Status | |
---|---|---|
firefox47 | --- | affected |
People
(Reporter: franziskus, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: coverity, Whiteboard: CID 1354247, CID 1354248, CID 1354249, CID 1354250, CID 1354251, CID 1354252, CID 1354253, CID 1354254, CID 1354255, CID 1354256, CID 1354257, CID 1354258)
Coverity reports multiple Out-of-bounds access (ARRAY_VS_SINGLETON) bugs in chacha20_vec.c. This covers CIDs 1354247 - 1354258
For example the following snippet:
> vec v0,v1,v2,v3,v4,v5,v6,v7;
> ...
> WRITE_XOR(ip, op, 0, v0+s0, v1+s1, v2+s2, v3+s3)
WRITE_XOR obtains pointers to arrays here and thus might perform out-of-bound access.
While coverity is right, I don't think this is actually a problem and due to optimisation. This bug is to get some eyes on the code. If no one thinks this is dangerous, we can probably safely ignore those coverity bugs.
Comment 1•7 years ago
|
||
This will likely be fixed when we land HACL*'s vectorized ChaCha20 code. (There isn't a bug for that yet.)
Priority: -- → P3
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•