diff mbox series

buffer overflow in libctf tests

Message ID	ZihitM6mfTV6ggfH@squeak.grove.modra.org
State	New
Headers	DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 54D23385840D Date: Wed, 24 Apr 2024 11:09:00 +0930 From: Alan Modra <amodra@gmail.com> To: binutils@sourceware.org Subject: buffer overflow in libctf tests Message-ID: <ZihitM6mfTV6ggfH@squeak.grove.modra.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Precedence: list Errors-To: binutils-bounces+patchwork=sourceware.org@sourceware.org
Series	buffer overflow in libctf tests \| buffer overflow in libctf tests

Checks

Context	Check	Description
linaro-tcwg-bot/tcwg_binutils_build--master-arm	warning	Patch is already merged
linaro-tcwg-bot/tcwg_binutils_build--master-aarch64	warning	Patch is already merged

Commit Message

Alan Modra April 24, 2024, 1:39 a.m. UTC

  * testsuite/libctf-regression/gzrewrite.c (main): Don't overflow
       "a" buffer in "after adding types" check.
       * testsuite/libctf-regression/zrewrite.c (main): Likewise.

Comments

Nick Alcock April 24, 2024, 3:41 p.m. UTC | #1

On 24 Apr 2024, Alan Modra outgrape:

>        * testsuite/libctf-regression/gzrewrite.c (main): Don't overflow
>        "a" buffer in "after adding types" check.
>        * testsuite/libctf-regression/zrewrite.c (main): Likewise.

Was I *asleep* when I wrote these?

(And how did this escape the sanitizer checks, valgrind checks etc I
was doing, of which there were many...)

Obviously correct: thank you!

diff mbox series

Patch

diff --git a/libctf/testsuite/libctf-regression/gzrewrite.c b/libctf/testsuite/libctf-regression/gzrewrite.c
index 99722200950..2e679e85bfe 100644
--- a/libctf/testsuite/libctf-regression/gzrewrite.c
+++ b/libctf/testsuite/libctf-regression/gzrewrite.c
@@ -114,7 +114,7 @@  main (int argc, char *argv[])
   if ((b = read_gz ("tmpdir/two.gz", &b_len)) == NULL)
     goto read_err;
 
-  if (memcmp (a, b, b_len) == 0)
+  if (a_len == b_len && memcmp (a, b, b_len) == 0)
     {
       fprintf (stderr, "gzwrites after adding types does not change the dict\n");
       return 1;
diff --git a/libctf/testsuite/libctf-regression/zrewrite.c b/libctf/testsuite/libctf-regression/zrewrite.c
index a88c824b568..5e061f10a5f 100644
--- a/libctf/testsuite/libctf-regression/zrewrite.c
+++ b/libctf/testsuite/libctf-regression/zrewrite.c
@@ -109,7 +109,7 @@  main (int argc, char *argv[])
 
   b = read_file ("tmpdir/two", &b_len);
 
-  if (memcmp (a, b, b_len) == 0)
+  if (a_len == b_len && memcmp (a, b, b_len) == 0)
     {
       fprintf (stderr, "compress_writes after adding types does not change the dict\n");
       return 1;