Closed Bug 1544980 Opened 6 years ago Closed 6 years ago

Update lz4 to 1.9.1

Categories

(Core :: MFBT, task)

Product:
Core
Component:
MFBT
Type:
task
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla68
Tracking Flags:
Tracking Status
firefox68 --- fixed

People

(Reporter: RyanVM, Assigned: RyanVM)

References

Details

(Whiteboard: [third-party-lib-audit])

Attachments

(1 file)

Bug 1544980 - Update lz4 to version 1.9.1. r=froydnj
47 bytes, text/x-phabricator-request
Details | Review

Changes in v1.9.0:
perf: large decompression speed improvement on x86/x64 (up to +20%) by @djwatson
api : changed : _destSize() compression variants are promoted to stable API
api : new : LZ4_initStream(HC), replacing LZ4_resetStream(HC)
api : changed : LZ4_resetStream(HC) as recommended reset function, for better performance on small data

(In reply to Ryan VanderMeulen [:RyanVM] from comment #1)

Ruh roh, ASAN says it has a heap-buffer-overflow issue :(
https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=240847972&repo=try&lineNumber=2463

I wouldn't be surprised if that's why it's faster.

Type: defect → task

Kris, do you have any idea why our Addon Manager startup code might be causing LZ4 to heap-buffer-overflow in ASAN builds? Non-ASAN builds all appears to be OK AFAICT.
https://hg.mozilla.org/try/rev/5273a90f351b7c5fe46473467d127dd1a6b098a3

Flags: needinfo?(kmaglione+bmo)

Hm. No obvious reason that I can see or think of. This is a buffer read overflow, and unfortunately the LZ4 API doesn't let us pass an input buffer size, only an output buffer size, so it's up to the LZ4 library to figure out how much to read.

Flags: needinfo?(kmaglione+bmo)

Actually, I guess there is a version that lets us specify the input size. I guess we should switch to that. But it would still be nice to know why the other version is broken.

(In reply to Kris Maglione [:kmag] from comment #5)

Actually, I guess there is a version that lets us specify the input size. I guess we should switch to that. But it would still be nice to know why the other version is broken.

Although it looks like that version is meant to be slower...

Someone else found the same issue and reported it (publicly) upstream.
https://github.com/lz4/lz4/issues/676

Upstream maintainer told me via email that a point release will be coming soon to fix it.

Comment 1 is private: false
Comment 2 is private: false
Comment 3 is private: false
Comment 4 is private: false
Comment 5 is private: false
Comment 6 is private: false

Updating the summary to reflect that we won't be updating until 1.9.1 comes out.

Summary: Update lz4 to 1.9.0 → Update lz4 to 1.9.1
Depends on: 1545521

v1.9.1 is out. Changes in the release:
fix : decompression functions were reading a few bytes beyond input size (introduced in v1.9.0, reported by @ppodolsky and @danlark1)
api : fix : lz4frame initializers compatibility with c++, reported by @degski

https://hg.mozilla.org/mozilla-central/rev/8d09ff545a5b

Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox68: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla68

FYI, Coverity found 3 new issues in this lib. Two Explicit null dereferenced (medium severity) and one Large stack use (low severity)

I passed that info along to the upstream developer and they replied:

I've been looking at the static analyzer warnings,
and as suspected, they are false positives.

One common situation is that some variables have relations, while the static analyzer consider them freely independent.
For example, if dict == usingExtDict, then necessarily dictEnd != NULL,
but that's something that the static analyzer doesn't understand, so it analyzes an impossible combination.

In the past, I've been trying to add assert() to help the analysis, but the static analyzer would ignore them.
Not sure if there is a reasonable solution, I don't want to contort the source code just to please the analyzer,
but anything that helps readability in the other hand is welcomed.

Blocks: 1575293
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: