Fix use of uninitialized value issue from fuzzing#13140
Open
shukitchan wants to merge 1 commit into
Conversation
Member
[approve ci freebsd clang-analyzer autest]
Contributor
Pull request overview
Note: Copilot was unable to run its full agentic suite in this review.
Refactors the FNV-1a hash implementations to ensure hash state is initialized deterministically (addressing fuzzing-reported uninitialized reads) and hardens HTTP/3 frame parsing against uninitialized stack data.
Changes:
- Move FNV init constants into the hash classes as `static constexpr` members and use in-class member initialization.
- Simplify FNV-1a constructors to default constructors; update `clear()` to use class init constants.
- Zero-initialize the HTTP/3 frame type buffer before copying from the reader.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| src/tscore/HashFNV.cc | Removes file-scope init constants, defaults constructors, and updates `clear()` to use class init constants. |
| include/tscore/HashFNV.h | Adds `static constexpr fnv_init` and in-class initialization of `hval` for 32/64-bit FNV-1a. |
| src/proxy/http3/Http3Frame.cc | Zero-initializes `type_buf` to avoid uninitialized bytes influencing frame type parsing. |
Comment on lines 509 to 510

```cpp
reader.memcpy(type_buf, sizeof(type_buf));
Http3FrameType type = Http3Frame::type(type_buf, sizeof(type_buf));
```
Contributor (Author)
I will need some help to see if this comment makes sense or not.
Otherwise I think we can ignore it for now.
serrislew
approved these changes
May 12, 2026
This pull request refactors the FNV-1a hash implementation to simplify initialization and improve code clarity. The main changes involve moving the FNV initial constants into the class definitions as `static constexpr` members, initializing member variables directly, and simplifying constructors.

Hash algorithm improvements:
- Moved the FNV initial constants (`FNV_INIT_32`, `FNV_INIT_64`) into the respective classes (`ATSHash32FNV1a`, `ATSHash64FNV1a`) as `static constexpr` members and used them to initialize `hval` directly in the class definition (include/tscore/HashFNV.h).
- Updated the `clear()` methods to use the new `fnv_init` static member instead of external constants (src/tscore/HashFNV.cc).
- Simplified the constructors of `ATSHash32FNV1a` and `ATSHash64FNV1a` by using default constructors instead of explicitly calling `clear()` (src/tscore/HashFNV.cc).

Code style and safety:
- Zero-initialized the `type_buf` buffer in `Http3FrameFactory::create` for improved safety (src/proxy/http3/Http3Frame.cc).

This fixes the reported fuzzing issues
https://oss-fuzz.com/testcase-detail/4669620266270720
https://oss-fuzz.com/testcase-detail/4793610426449920
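The two patterns the PR touches, as an added example that is not code from the pull request or from Apache Traffic Server: an FNV-1a class whose state is initialised in-class from a `static constexpr` basis (so a default-constructed or `clear()`ed object can never carry an uninitialised `hval`), and a frame-type read where a short copy from the reader into a stack buffer would otherwise let leftover stack bytes decide the parsed value. The class names `Fnv1a32`/`Fnv1a64`, the `ToyReader` whose `memcpy` returns the byte count it actually copied, and the QUIC varint decoder are all assumptions made for this example; ATS's real reader, `Http3Frame::type`, and the hash API are not reproduced here. The hardened read also decodes only the bytes the reader produced, which goes one step beyond the zero-initialisation the PR describes.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <optional>

// FNV-1a in the shape the PR describes: offset basis as a static constexpr
// member, hash state initialised in-class, default constructor, clear() reuses
// the same constant. Constants are the standard FNV-1a basis and prime.
// Names are chosen for this example, not the project's ATSHash32FNV1a/64.
struct Fnv1a32 {
  static constexpr uint32_t fnv_init  = 0x811c9dc5u;
  static constexpr uint32_t fnv_prime = 0x01000193u;
  uint32_t hval = fnv_init; // state is never left uninitialised

  void update(const void *data, size_t len) {
    const auto *p = static_cast<const uint8_t *>(data);
    for (size_t i = 0; i < len; ++i) {
      hval ^= p[i];
      hval *= fnv_prime;
    }
  }
  void clear() { hval = fnv_init; }
  uint32_t get() const { return hval; }
};

struct Fnv1a64 {
  static constexpr uint64_t fnv_init  = 0xcbf29ce484222325ull;
  static constexpr uint64_t fnv_prime = 0x00000100000001b3ull;
  uint64_t hval = fnv_init;

  void update(const void *data, size_t len) {
    const auto *p = static_cast<const uint8_t *>(data);
    for (size_t i = 0; i < len; ++i) {
      hval ^= p[i];
      hval *= fnv_prime;
    }
  }
  void clear() { hval = fnv_init; }
  uint64_t get() const { return hval; }
};

// Hypothetical stand-in for the PR's `reader` (not ATS's reader type): memcpy
// copies at most the bytes still available and reports how many it wrote.
struct ToyReader {
  const uint8_t *data;
  size_t avail;
  size_t memcpy(void *dst, size_t want) {
    size_t n = want < avail ? want : avail;
    std::memcpy(dst, data, n);
    return n;
  }
};

// HTTP/3 frame types are QUIC variable-length integers (RFC 9000 section 16):
// the top two bits of the first byte give the encoded length 1/2/4/8.
static std::optional<uint64_t> decode_varint(const uint8_t *buf, size_t avail) {
  if (avail == 0) return std::nullopt;
  size_t len = size_t{1} << (buf[0] >> 6);
  if (len > avail) return std::nullopt; // truncated: refuse to guess
  uint64_t v = buf[0] & 0x3f;
  for (size_t i = 1; i < len; ++i) v = (v << 8) | buf[i];
  return v;
}

// Hardened read: zero-initialised stack buffer (the PR's fix), and only the
// bytes the reader actually produced are decoded.
static std::optional<uint64_t> read_frame_type(ToyReader &r) {
  uint8_t type_buf[8] = {};
  size_t got = r.memcpy(type_buf, sizeof(type_buf));
  return decode_varint(type_buf, got);
}

// Pre-fix pattern: decode over the whole buffer regardless of how much was
// copied. `fill` simulates whatever happened to be on the stack, so the
// result depends on bytes the peer never sent.
static uint64_t read_frame_type_naive(ToyReader &r, uint8_t fill) {
  uint8_t type_buf[8];
  std::memset(type_buf, fill, sizeof(type_buf)); // simulated stack garbage
  r.memcpy(type_buf, sizeof(type_buf));
  return decode_varint(type_buf, sizeof(type_buf)).value();
}

int main() {
  // Constructed input: a 2-byte varint of which only the first byte arrived.
  const uint8_t partial[] = {0x41};
  ToyReader r1{partial, sizeof(partial)}, r2{partial, sizeof(partial)}, r3{partial, sizeof(partial)};
  std::printf("naive, stack=0x00: %llu\n", (unsigned long long)read_frame_type_naive(r1, 0x00));
  std::printf("naive, stack=0xaa: %llu\n", (unsigned long long)read_frame_type_naive(r2, 0xaa));
  std::printf("hardened: %s\n", read_frame_type(r3) ? "value" : "truncated");
  Fnv1a32 h;
  h.update("a", 1);
  std::printf("fnv1a32(\"a\") = 0x%08x\n", h.get());
  return 0;
}
```

Run as-is and the two naive reads disagree on the same one-byte input, which is exactly the symptom a sanitizer-driven fuzzer reports as a use of an uninitialised value; the hardened read reports truncation instead. The FNV classes need no constructor body at all: in-class initialisation makes "construct" and "clear()" the same operation.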