On Thu, Oct 23, 2025 at 03:29:08PM +0200, Frank Busse wrote:
> Hi,
>
> and another one reported by KLEE:
>
> ---
> $ printf "" | ./sha512-224sum
> ERROR: AddressSanitizer: stack-buffer-overflow
> ---
>
> Best,
>
> Frank
>
Maybe a starting point is in with processblock():
libutil/sha512.c: sha512_update() (defined in sha512-224.h).
There might be a mismatch in the buffer that is available there.
Initial commit for sha512-224:
a392cd475e1d164c940ab3e3cb893f533af2445a
It is probably adapted from the sha512 implementation, but with some size mismatch.
We should add more references on how this implementation came to be (if there
is any?). "public domain sha512/224 implementation based on fips180-3".
My small peasant brain is too simple for this crypto stuff.
Do we even need this variant of sha512-224? Maybe a rm is a simple solution.
--
Kind regards,
Hiltjo
Received on Sun Oct 26 2025 - 12:30:57 CET