Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to verify untrusted buffers are valid schunks? #479

Open
milesgranger opened this issue May 9, 2023 · 1 comment
Open

How to verify untrusted buffers are valid schunks? #479

milesgranger opened this issue May 9, 2023 · 1 comment
Labels
help wanted

Comments

@milesgranger
Copy link
Contributor

milesgranger commented May 9, 2023
edited
Loading

When exporting a schunk via blosc2_schunk_to_buffer, one can reconstruct withblosc2_schunk_from_buffer. However, if one attempts to call the latter with an invalid buffer it succeeds and then segfaults when calling subsequent blosc2 functions, like blosc2_schunk_avoid_cframe_free in my case.

Is there a way (perhaps I've missed) to verify it's a valid buffer beforehand? I've naively attempted blosc2_cbuffer_sizes to check if that returns an error, however it seems that's only meant for chunks, not schunks.
@FrancescAlted
Copy link
Member

I don't think we currently have an API to test a valid schunk buffer beforehand.

A possible solution is to check for the 'b2frame' string in the schunk header. But this can be unsafe, and this is why we have added some space for storing a fingerprint in the schunk trailer. Unfortunately we have not implemented neither the fingerprint calculation (and hence, there is no check for it yet).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@FrancescAlted @milesgranger