UBSAN issue in `crypto_pwhash_scryptsalsa208sha256`
kamulos opened this issue · comments
kamulos commented
Using clang 13.0.1, I get a warning with the undefined behavior sanitizer when using the crypto_pwhash_scryptsalsa208sha256
function.
Example
#include <sodium.h>
int main()
{
uint8_t buffer[32];
int x = crypto_pwhash_scryptsalsa208sha256(
buffer, 32, "fdsa", 4, (const uint8_t*)"asdffdsaasdffdsaasdffdsaasdffdsa",
crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE,
crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE);
(void)x;
}
Then compile the libsodium and the test program using -fsanitize=undefined
.
The error message returned is:
crypto_pwhash/scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c:65:24: runtime error: index 8 out of bounds for type 'uint64_t const[8]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior crypto_pwhash/scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c:65:24 in
crypto_pwhash/scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c:65:9: runtime error: index 8 out of bounds for type 'uint64_t [8]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior crypto_pwhash/scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c:65:9 in
Frank Denis commented
You have to initialize the library with sodium_init() before using it.
kamulos commented
thanks, this just saved me from a very serious mistake in my program 😅