[PATCH 00/11] reftable: harden against corrupted tables

[PATCH 00/11] reftable: harden against corrupted tables · Patrick Steinhardt <hidden> · 2026-06-24
[PATCH 01/11] meson: support building fuzzers with libFuzzer · Patrick Steinhardt <hidden> · 2026-06-24
[PATCH 02/11] oss-fuzz: add fuzzer for parsing reftables · Patrick Steinhardt <hidden> · 2026-06-24
[PATCH 03/11] reftable/basics: fix OOB read on binary search of empty range · Patrick Steinhardt <hidden> · 2026-06-24
[PATCH 04/11] reftable/record: don't abort when decoding invalid ref value type · Patrick Steinhardt <hidden> · 2026-06-24
[PATCH 05/11] reftable/block: fix OOB write with bogus inflated log size · Patrick Steinhardt <hidden> · 2026-06-24
Re: [PATCH 05/11] reftable/block: fix OOB write with bogus inflated log size · Christian Couder <hidden> · 2026-06-26
Re: [PATCH 05/11] reftable/block: fix OOB write with bogus inflated log size · Patrick Steinhardt <hidden> · 2026-06-29
[PATCH 06/11] reftable/block: fix OOB read with bogus block size · Patrick Steinhardt <hidden> · 2026-06-24
[PATCH 07/11] reftable/block: fix OOB read with bogus restart count · Patrick Steinhardt <hidden> · 2026-06-24
[PATCH 08/11] reftable/block: fix use of uninitialized memory when binsearch fails · Patrick Steinhardt <hidden> · 2026-06-24
[PATCH 09/11] reftable/block: fix OOB read with bogus restart offset · Patrick Steinhardt <hidden> · 2026-06-24
[PATCH 10/11] reftable/table: fix NULL pointer access when seeking to bogus offsets · Patrick Steinhardt <hidden> · 2026-06-24
[PATCH 11/11] reftable/table: fix OOB read on truncated table · Patrick Steinhardt <hidden> · 2026-06-24
[PATCH v2 00/12] reftable: harden against corrupted tables · Patrick Steinhardt <hidden> · 2026-06-29
[PATCH v2 01/12] meson: support building fuzzers with libFuzzer · Patrick Steinhardt <hidden> · 2026-06-29
[PATCH v2 02/12] oss-fuzz: add fuzzer for parsing reftables · Patrick Steinhardt <hidden> · 2026-06-29
[PATCH v2 03/12] reftable/basics: fix OOB read on binary search of empty range · Patrick Steinhardt <hidden> · 2026-06-29
[PATCH v2 04/12] reftable/record: don't abort when decoding invalid ref value type · Patrick Steinhardt <hidden> · 2026-06-29
[PATCH v2 05/12] t/unit-tests: introduce test helper to write reftable blocks · Patrick Steinhardt <hidden> · 2026-06-29
[PATCH v2 06/12] reftable/block: fix OOB write with bogus inflated log size · Patrick Steinhardt <hidden> · 2026-06-29
[PATCH v2 07/12] reftable/block: fix OOB read with bogus block size · Patrick Steinhardt <hidden> · 2026-06-29
[PATCH v2 08/12] reftable/block: fix OOB read with bogus restart count · Patrick Steinhardt <hidden> · 2026-06-29
[PATCH v2 09/12] reftable/block: fix use of uninitialized memory when binsearch fails · Patrick Steinhardt <hidden> · 2026-06-29
[PATCH v2 10/12] reftable/block: fix OOB read with bogus restart offset · Patrick Steinhardt <hidden> · 2026-06-29
[PATCH v2 11/12] reftable/table: fix NULL pointer access when seeking to bogus offsets · Patrick Steinhardt <hidden> · 2026-06-29
[PATCH v2 12/12] reftable/table: fix OOB read on truncated table · Patrick Steinhardt <hidden> · 2026-06-29

HOTtoday

Revisions (2)

2026-06-24 v1 current
2026-06-29 v2 [diff vs current]

From: Patrick Steinhardt <hidden>
Date: 2026-06-24 08:23:31

Hi,

this patch series addresses a bunch of errors that may happen when
trying to read corrupted tables. These errors include out-of-bounds
writes, out-of-bounds reads and the ability to hit abort(3p) calls.

The out-of-bounds write was originally reported by awo on the security
mailing list. As we never transfer reftables over the protocol it would
require local disk access to create such corrupted reftables, so there
isn't really an easy way to exploit these.

In any case, I took that chance and wrote a fuzzer for parsing the
tables, which surfaced a bunch of issues. At the end of this series
though the fuzzer can now run for an extended amount of time (2hrs+)
without surfacing any new issues.

Thanks!

Patrick

---
Patrick Steinhardt (11):
      meson: support building fuzzers with libFuzzer
      oss-fuzz: add fuzzer for parsing reftables
      reftable/basics: fix OOB read on binary search of empty range
      reftable/record: don't abort when decoding invalid ref value type
      reftable/block: fix OOB write with bogus inflated log size
      reftable/block: fix OOB read with bogus block size
      reftable/block: fix OOB read with bogus restart count
      reftable/block: fix use of uninitialized memory when binsearch fails
      reftable/block: fix OOB read with bogus restart offset
      reftable/table: fix NULL pointer access when seeking to bogus offsets
      reftable/table: fix OOB read on truncated table

 Makefile                            |   1 +
 ci/run-build-and-minimal-fuzzers.sh |   1 +
 meson.build                         |  15 +++
 meson_options.txt                   |   2 +
 oss-fuzz/.gitignore                 |   1 +
 oss-fuzz/fuzz-reftable.c            |  74 ++++++++++++++
 oss-fuzz/meson.build                |   2 +
 reftable/basics.c                   |   3 +
 reftable/block.c                    |  39 +++++++-
 reftable/record.c                   |   6 +-
 reftable/table.c                    |   7 ++
 t/unit-tests/u-reftable-basics.c    |  11 +++
 t/unit-tests/u-reftable-block.c     | 186 ++++++++++++++++++++++++++++++++++++
 t/unit-tests/u-reftable-record.c    |  24 +++++
 t/unit-tests/u-reftable-table.c     |  91 ++++++++++++++++++
 15 files changed, 456 insertions(+), 7 deletions(-)


---
base-commit: ab776a62a78576513ee121424adb19597fbb7613
change-id: 20260623-pks-reftable-hardening-f54de69fea63

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help