| Message ID | b4ecb76a1c47dfac8344706e365686bd2620affe.1666877952.git.szabolcs.nagy@arm.com |
|---|---|
| State | Superseded |
| Headers |
Return-Path: <libc-alpha-bounces+patchwork=sourceware.org@sourceware.org>
X-Original-To: patchwork@sourceware.org
Delivered-To: patchwork@sourceware.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
by sourceware.org (Postfix) with ESMTP id 9E8303829BF2
for <patchwork@sourceware.org>; Thu, 27 Oct 2022 15:37:51 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 9E8303829BF2
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org;
s=default; t=1666885071;
bh=Gif0sWXhROUG1GWvzhZEFPQlTih9FOhU8jNB9HGCQIs=;
h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe:
List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
From;
b=JboUp5zIVSOKhuOCVR7paaQsFTkn8KoJyYDBjTLVHwrccU7J2c4pNZ1LpFEkK2kXE
YBlQeEEqfp8+tpyExcSmcmEZKfMuG3NOHsbuT/NRRHidKN156D/nlrVV9bBmA72gmZ
r0JWrtBpRZmGeB9Wy8P3x8FX6qSjdH+4W3lfLiAo=
X-Original-To: libc-alpha@sourceware.org
Delivered-To: libc-alpha@sourceware.org
Received: from EUR03-DBA-obe.outbound.protection.outlook.com
(mail-dbaeur03on2084.outbound.protection.outlook.com [40.107.104.84])
by sourceware.org (Postfix) with ESMTPS id B11F0385151B
for <libc-alpha@sourceware.org>; Thu, 27 Oct 2022 15:33:48 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org B11F0385151B
ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
b=AmlrlGdgn9GIt9q7BQbO6xz9AMyAwriShv8U0xFmAovs/X5yhskmDRmR+XQ+P0T5/F6ZPRS4K2STwW25SWpoWH8SZnVGoYNIJvv48i8ydOgG5Fg0wSGjk54gC3DWXhNiZ2BArcuLQDYwJPdTtYcu1iLqP1eT5aaiJyLcQOi1YfH/LH9XfEvETIDXZm2+fdZmt300M7/9NtH+A1XLrzZVERI0Fsi2v3qqH6JwcsBjN6OL0yooCic9TtXEOwgDSKlLHNpTAaj9NQ22iJCuhz0SPoLyAd/bHvUA9RqRDpYx2Q0vB2nvKbRS58uL1UYLSTzOjc4ZH2tYCtoUXvQW150/3w==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=Gif0sWXhROUG1GWvzhZEFPQlTih9FOhU8jNB9HGCQIs=;
b=OmzNIRmvIGcn67mwTo+nvLIu9CeG822Qac1gFLYt5DdP8OzHzsDkzYFJn2u3FkOJ0yT+KJw0n1Ern50Qz4qhg6hdCijl/q0bGvP8OhuFupgZ3HsIWItRTCCMPSptQBUxw1DtG629KCBTFiQOe8sGwrKqYiVf64QZkkTFY3k2wGNYWswAzm31iD7VxoLriaYfaZzgiUtraUuGOu6D63PGRGVMXCgSWhNnIGseayS/TGyNxbi7kxxKfRvZIDWuXtYAfHCAZqALKnxnXio6MUHkdJGoA9+prEu8ebkm67v53zt1HkIezmACPL2JPEYu9KiCREURMZ0JV3WIykzcQGbL9A==
ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is
63.35.35.123) smtp.rcpttodomain=sourceware.org smtp.mailfrom=arm.com;
dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com;
dkim=pass (signature was verified) header.d=armh.onmicrosoft.com; arc=pass (0
oda=1 ltdi=1 spf=[1, 1, smtp.mailfrom=arm.com] dmarc=[1, 1,
header.from=arm.com])
Received: from DU2PR04CA0162.eurprd04.prod.outlook.com (2603:10a6:10:2b0::17)
by DBBPR08MB5962.eurprd08.prod.outlook.com (2603:10a6:10:202::15)
with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.29; Thu, 27 Oct
2022 15:33:46 +0000
Received: from DBAEUR03FT059.eop-EUR03.prod.protection.outlook.com
(2603:10a6:10:2b0:cafe::a9) by DU2PR04CA0162.outlook.office365.com
(2603:10a6:10:2b0::17) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.23 via Frontend
Transport; Thu, 27 Oct 2022 15:33:46 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123)
smtp.mailfrom=arm.com; dkim=pass (signature was verified)
header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates
63.35.35.123 as permitted sender) receiver=protection.outlook.com;
client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
pr=C
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by
DBAEUR03FT059.mail.protection.outlook.com (100.127.142.102) with
Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.5769.14 via Frontend Transport; Thu, 27 Oct 2022 15:33:46 +0000
Received: ("Tessian outbound b4aebcc5bc64:v130");
Thu, 27 Oct 2022 15:33:46 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: c2a68d14b5087567
X-CR-MTA-TID: 64aa7808
Received: from e1d654550a55.1
by 64aa7808-outbound-1.mta.getcheckrecipient.com id
E4E7F4DA-8937-424B-B000-DED55FB3A69C.1;
Thu, 27 Oct 2022 15:33:39 +0000
Received: from EUR03-AM7-obe.outbound.protection.outlook.com
by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id
e1d654550a55.1
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384);
Thu, 27 Oct 2022 15:33:39 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=ntwGXgvqNChc50X493dZfQD3ZDb4j3U8cmXZkgGBCv5HATTkMRDyN4GUI/8YdhkaZ3+lRJp+gBZx/EPZA2Q2ZNYGm74AKneiJYf3sG+6F4tTr6VrPgqxY9qK/IcrxmJZFEC9mUayWO2ych933ZzuepblqUxPDGm1otAcok4/RGWMjlpqyz2s7AlPUgFQKAKdFrYJ4ZNagztfTr9OUyp7c0paIBwhOaqsYggl3oOBNJ16n2HafZmyki8EVhpoBvA59nJb37gUnGMTPz/aexIy5aqHBQePU05Jbbs2zN7MSeTdwNy9ZuKJyCPVjb8UP07QrqHPXUJSxlGUucvy9uLI4g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=Gif0sWXhROUG1GWvzhZEFPQlTih9FOhU8jNB9HGCQIs=;
b=QT1/i0IeejdylFTmURaQc9xe43A7l2iOI276xRVf33RJwFbBh3cWKdEgu+NM47nUBt17qp8IzoNCYAr9rQ7sAmaKwgbr86btzJoBpxhUMbHtT+wZvnquyAVP+yhpsw3B0nX78hMo76m7jWwNBUFe04ZTcDqb1b2BFRdTcHTPsfkNjKDmd+agY8l9viXxx3SptHSPY9oMksQFRbvzxNcDmdJzpZGBnGVDC43LJxIbJ7wGHt1RsaGuc0HPGgBbUXOKH3rF3wZbmWiJ2NM9mF/PBr5Bbh1o/nRofIPJkNcHDBetZ3tJNBBAg94evLv8A3A7ls3TT9cXSY9MeFNg9N0fyw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
40.67.248.234) smtp.rcpttodomain=sourceware.org smtp.mailfrom=arm.com;
dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com;
dkim=none (message not signed); arc=none
Received: from AM6P195CA0081.EURP195.PROD.OUTLOOK.COM (2603:10a6:209:86::22)
by DBAPR08MB5718.eurprd08.prod.outlook.com (2603:10a6:10:1a9::13) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.28; Thu, 27 Oct
2022 15:33:37 +0000
Received: from AM7EUR03FT032.eop-EUR03.prod.protection.outlook.com
(2603:10a6:209:86:cafe::c0) by AM6P195CA0081.outlook.office365.com
(2603:10a6:209:86::22) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.28 via Frontend
Transport; Thu, 27 Oct 2022 15:33:37 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 40.67.248.234)
smtp.mailfrom=arm.com; dkim=none (message not signed)
header.d=none;dmarc=pass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates
40.67.248.234 as permitted sender) receiver=protection.outlook.com;
client-ip=40.67.248.234; helo=nebula.arm.com; pr=C
Received: from nebula.arm.com (40.67.248.234) by
AM7EUR03FT032.mail.protection.outlook.com (100.127.140.65) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.20.5746.16 via Frontend Transport; Thu, 27 Oct 2022 15:33:37 +0000
Received: from AZ-NEU-EX03.Arm.com (10.251.24.31) by AZ-NEU-EX03.Arm.com
(10.251.24.31) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.12; Thu, 27 Oct
2022 15:33:37 +0000
Received: from armchair.cambridge.arm.com (10.2.80.71) by mail.arm.com
(10.251.24.31) with Microsoft SMTP Server id 15.1.2507.12 via Frontend
Transport; Thu, 27 Oct 2022 15:33:36 +0000
To: <libc-alpha@sourceware.org>
Subject: [PATCH 16/20] Fix malloc/tst-scratch_buffer OOB access
Date: Thu, 27 Oct 2022 16:33:36 +0100
Message-ID:
<b4ecb76a1c47dfac8344706e365686bd2620affe.1666877952.git.szabolcs.nagy@arm.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1666877952.git.szabolcs.nagy@arm.com>
References: <cover.1666877952.git.szabolcs.nagy@arm.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-EOPAttributedMessage: 1
X-MS-TrafficTypeDiagnostic:
AM7EUR03FT032:EE_|DBAPR08MB5718:EE_|DBAEUR03FT059:EE_|DBBPR08MB5962:EE_
X-MS-Office365-Filtering-Correlation-Id: d7faaca8-a27b-49af-d051-08dab830a359
x-checkrecipientrouted: true
NoDisclaimer: true
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original:
s/484bnvUNQYUt+LqkSb02nr8T5EdcSp95mIuy+uEQg0GtyGLJH9qxf5CCPIXd6LV9h8c0Cc1w8csqLCoy8lKpn5I/rqdNYZKlq1S/vVp6ZKj2OYTEL2eHTgp+/495XOsJNoUZOKvVZaIjRKNTwWzMiHCdQt5iTFcEYbKGJex91HOwgbvuL4uas81DuTr4zaG88NAHdyBNGS3VacK989aRlj4TNSP5fEvq83ntvmifLoinISlvSAjRqL4WeXi1ChYCNfQvs6NoxkeRVxwcp+nl46ZuN4BZAEVcqukV8DEZmwsOajYdg4etihi4zviw6TBLYOY41wImMyam4aTitidOqaDvztpoPA7ye6HO7PsLQv+jttkjBBoRq8BsKnF+xZYnoYdVJ/qxUrUlVZSIt7vi8qYyXISjhSrlWMbkhn/JpUHkOomHFL4sR+X3izgw9fMUqHJ0XrYoSBWapd42r0Xo4tw3/b+tMlJNWgAKlx2Sb72GMZCT9Bys9kCc0jpDhFlHiQTvEZBQBEqPrS/f0hQHp0SFSGhcUCffbQlRX8UzRUSUTfIAhsOR83b5D0KU1tkg/V2UiYHhLhCMDMySWRlKfxjLWOAXcgrITak+vPvrlJyse7kns6iHZkxMwk4YQYOPOmr7gmnAlezL0o4pdm9f/NskoWEYB5GiDe6KiI24KnsO1ajhm365iSMPu1TWnVGmU6KemRwnFRTW42ClpW7FFzuWLgE/ddP6a9eMDPKdg5lnj2qVr7cjHDg/p4tlNviye4aV9XnuGH3C7rV0JL/jd+NfzQfE1J5b1IEsxtJh0cTm88QPjcHnLjNOmDWRbP
X-Forefront-Antispam-Report-Untrusted: CIP:40.67.248.234; CTRY:IE; LANG:en;
SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:nebula.arm.com; PTR:InfoDomainNonexistent;
CAT:NONE;
SFS:(13230022)(4636009)(346002)(396003)(376002)(39860400002)(136003)(451199015)(36840700001)(40470700004)(46966006)(83380400001)(186003)(2616005)(36860700001)(336012)(47076005)(26005)(426003)(82310400005)(2906002)(82740400003)(5660300002)(6916009)(36756003)(316002)(7696005)(41300700001)(86362001)(70586007)(40460700003)(8936002)(40480700001)(70206006)(81166007)(478600001)(8676002)(356005)(44832011)(36900700001);
DIR:OUT; SFP:1101;
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBAPR08MB5718
X-MS-Exchange-Transport-CrossTenantHeadersStripped:
DBAEUR03FT059.eop-EUR03.prod.protection.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs:
ba96de97-a8e2-4f74-0031-08dab8309de4
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
TnVh09aKvHs8mKRfHx5AwqXjENy8qHCEVoUvZr57snpBn4fcb+ZJUfUJNrnOyCAYTMm77620WyyqrcmxeYXgaFrrK8L6ydpcx/gQKgyiQX59po8P4BzjRsw5yzcNFyvVydLPinHFK3IRCeDVcmbR3ZUcUKke/OHc+oUoHO8qCaVsXS0Akf8mdYXiilPWtJAIYdM4VRXyxFMW2L0p9dkmSIPsG1PoVC2ouV8cQvhb+4XjfQDqNwFL8AGuwiu9UGVxMxHUCLAsG0m7Nrzt+5oE0JlsZaZxRCinwu8PowPlTE6cV/GUf7xp59qDDxsddDYGNtfplv2GF89iNtCFo8160pM8jaSJZl+lm/DOvpx315LAz/jU3eIMvrxvWN6CAjUoG4KMlx9k0n61EeScPePzJdRBv8gDjndHVwl1MMUwmt8573QproKIwpDYZqd3Y08iqJQ1YsHqQoGPpI/YXg3bFZh087U1XglakjawCGfgth2aRuCt5r1v20yLNPFvMAjILqqAND+FcwLYVdEuDyY0OYs0R8Aq+jcgEdxMrx8cbTBRa7MR/PyzwzvP9+9oIBeORmNLoV0WK6hyFRVIsfbdwUKpZgF+TfKiVjGSCWW/qqInIpQhvlEB10LxhrnBJMhLFNve1DbDbClW2L13RxBNaJVgVdYA+I4goldbGRfWjmhQoT19kdhA2UVGvUXV8SCntbIpm7f/3Mhi6zsCdaW+eXjTCfuhSf9NcOpYTDcwlHN60c7KTKl98hq3lBAV7cwnucQXEgIg6GZQVa+/LbIC/A==
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:;
IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com;
PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE;
SFS:(13230022)(4636009)(396003)(346002)(39860400002)(136003)(376002)(451199015)(36840700001)(40470700004)(46966006)(44832011)(2616005)(40460700003)(2906002)(5660300002)(41300700001)(186003)(336012)(36860700001)(478600001)(8936002)(70586007)(70206006)(316002)(6916009)(82310400005)(426003)(47076005)(86362001)(8676002)(83380400001)(26005)(40480700001)(82740400003)(7696005)(36756003)(81166007);
DIR:OUT; SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Oct 2022 15:33:46.4703 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id:
d7faaca8-a27b-49af-d051-08dab830a359
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp:
TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123];
Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource:
DBAEUR03FT059.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBBPR08MB5962
X-Spam-Status: No, score=-12.4 required=5.0 tests=BAYES_00, DKIM_SIGNED,
DKIM_VALID, GIT_PATCH_0, KAM_DMARC_NONE, RCVD_IN_DNSWL_NONE,
RCVD_IN_MSPIKE_H2,
SPF_HELO_NONE, SPF_NONE, TXREP,
UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
<mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
<mailto:libc-alpha-request@sourceware.org?subject=subscribe>
From: Szabolcs Nagy via Libc-alpha <libc-alpha@sourceware.org>
Reply-To: Szabolcs Nagy <szabolcs.nagy@arm.com>
Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org
Sender: "Libc-alpha"
<libc-alpha-bounces+patchwork=sourceware.org@sourceware.org>
|
| Series |
patches from the morello port
|
|
Checks
| Context | Check | Description |
|---|---|---|
| dj/TryBot-apply_patch | success | Patch applied to master at the time it was sent |
Commit Message
Szabolcs Nagy
Oct. 27, 2022, 3:33 p.m. UTC
The test used scratch_buffer_dupfree incorrectly: - The passed in size must be <= buf.length. - Must be called at most once on a buf object since it frees it. - After it is called buf.data and buf.length must not be accessed. All of these were violated, the test happened to work because the buffer was on the stack, which meant the test copied out-of-bounds bytes from the stack into a new buffer and then compared those bytes. Run one test and avoid the issues above. --- malloc/tst-scratch_buffer.c | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-)
Comments
* Szabolcs Nagy via Libc-alpha: test used scratch_buffer_dupfree incorrectly: > > - The passed in size must be <= buf.length. > - Must be called at most once on a buf object since it frees it. > - After it is called buf.data and buf.length must not be accessed. > > All of these were violated, the test happened to work because the > buffer was on the stack, which meant the test copied out-of-bounds > bytes from the stack into a new buffer and then compared those bytes. > > Run one test and avoid the issues above. > --- > malloc/tst-scratch_buffer.c | 22 +++++++--------------- > 1 file changed, 7 insertions(+), 15 deletions(-) > > diff --git a/malloc/tst-scratch_buffer.c b/malloc/tst-scratch_buffer.c > index 9fcb11ba2c..60a513ccc6 100644 > --- a/malloc/tst-scratch_buffer.c > +++ b/malloc/tst-scratch_buffer.c > @@ -155,21 +155,13 @@ do_test (void) > struct scratch_buffer buf; > scratch_buffer_init (&buf); > memset (buf.data, '@', buf.length); > - > - size_t sizes[] = { 16, buf.length, buf.length + 16 }; > - for (int i = 0; i < array_length (sizes); i++) > - { > - /* The extra size is unitialized through realloc. */ > - size_t l = sizes[i] > buf.length ? sizes[i] : buf.length; > - void *r = scratch_buffer_dupfree (&buf, l); > - void *c = xmalloc (l); > - memset (c, '@', l); > - TEST_COMPARE_BLOB (r, l, buf.data, l); > - free (r); > - free (c); > - } > - > - scratch_buffer_free (&buf); > + size_t l = 16 <= buf.length ? 16 : buf.length; > + void *r = scratch_buffer_dupfree (&buf, l); > + void *c = xmalloc (l); > + memset (c, '@', l); > + TEST_COMPARE_BLOB (r, l, c, l); > + free (r); > + free (c); > } > return 0; > } I think we should keep the test loop, but create a new scratch buffer on each iteration. Thanks, Florian
The 10/28/2022 07:41, Florian Weimer wrote: > * Szabolcs Nagy via Libc-alpha: > > test used scratch_buffer_dupfree incorrectly: > > > > - The passed in size must be <= buf.length. > > - Must be called at most once on a buf object since it frees it. > > - After it is called buf.data and buf.length must not be accessed. > > > > All of these were violated, the test happened to work because the > > buffer was on the stack, which meant the test copied out-of-bounds > > bytes from the stack into a new buffer and then compared those bytes. > > > > Run one test and avoid the issues above. > > --- > > malloc/tst-scratch_buffer.c | 22 +++++++--------------- > > 1 file changed, 7 insertions(+), 15 deletions(-) > > > > diff --git a/malloc/tst-scratch_buffer.c b/malloc/tst-scratch_buffer.c > > index 9fcb11ba2c..60a513ccc6 100644 > > --- a/malloc/tst-scratch_buffer.c > > +++ b/malloc/tst-scratch_buffer.c > > @@ -155,21 +155,13 @@ do_test (void) > > struct scratch_buffer buf; > > scratch_buffer_init (&buf); > > memset (buf.data, '@', buf.length); > > - > > - size_t sizes[] = { 16, buf.length, buf.length + 16 }; > > - for (int i = 0; i < array_length (sizes); i++) > > - { > > - /* The extra size is unitialized through realloc. */ > > - size_t l = sizes[i] > buf.length ? sizes[i] : buf.length; > > - void *r = scratch_buffer_dupfree (&buf, l); > > - void *c = xmalloc (l); > > - memset (c, '@', l); > > - TEST_COMPARE_BLOB (r, l, buf.data, l); > > - free (r); > > - free (c); > > - } > > - > > - scratch_buffer_free (&buf); > > + size_t l = 16 <= buf.length ? 16 : buf.length; > > + void *r = scratch_buffer_dupfree (&buf, l); > > + void *c = xmalloc (l); > > + memset (c, '@', l); > > + TEST_COMPARE_BLOB (r, l, c, l); > > + free (r); > > + free (c); > > } > > return 0; > > } > > I think we should keep the test loop, but create a new scratch buffer on > each iteration. given the documentation of scratch_buffer_dupfree i don't see how the test supposed to work with sizes > buf.length or what's the point of this loop.
* Szabolcs Nagy: >> I think we should keep the test loop, but create a new scratch buffer on >> each iteration. > > given the documentation of scratch_buffer_dupfree > i don't see how the test supposed to work with > sizes > buf.length or what's the point of this loop. Hmph. Let's just remove it. It's unused anyway. Should I send a patch, or do you want to do it? Thanks, Florian
The 10/28/2022 13:30, Florian Weimer via Libc-alpha wrote: > * Szabolcs Nagy: > > >> I think we should keep the test loop, but create a new scratch buffer on > >> each iteration. > > > > given the documentation of scratch_buffer_dupfree > > i don't see how the test supposed to work with > > sizes > buf.length or what's the point of this loop. > > Hmph. Let's just remove it. It's unused anyway. Should I send a > patch, or do you want to do it? i think my original patch makes sense that at least has one scratch_buffer_dupfree test. or do you prefer to remove this bit completely?
* Szabolcs Nagy: > The 10/28/2022 13:30, Florian Weimer via Libc-alpha wrote: >> * Szabolcs Nagy: >> >> >> I think we should keep the test loop, but create a new scratch buffer on >> >> each iteration. >> > >> > given the documentation of scratch_buffer_dupfree >> > i don't see how the test supposed to work with >> > sizes > buf.length or what's the point of this loop. >> >> Hmph. Let's just remove it. It's unused anyway. Should I send a >> patch, or do you want to do it? > > i think my original patch makes sense that at least has > one scratch_buffer_dupfree test. > > or do you prefer to remove this bit completely? Sorry I meant we should remove scratch_buffer_dupfree along with its test because it's unused after commit ef0700004bf0dccf493a5e8e21f71d9e7972ea9f ("stdlib: Sync canonicalize with gnulib [BZ #10635] [BZ #26592] [BZ #26341] [BZ #24970]"). Thanks, Florian
diff --git a/malloc/tst-scratch_buffer.c b/malloc/tst-scratch_buffer.c index 9fcb11ba2c..60a513ccc6 100644 --- a/malloc/tst-scratch_buffer.c +++ b/malloc/tst-scratch_buffer.c @@ -155,21 +155,13 @@ do_test (void) struct scratch_buffer buf; scratch_buffer_init (&buf); memset (buf.data, '@', buf.length); - - size_t sizes[] = { 16, buf.length, buf.length + 16 }; - for (int i = 0; i < array_length (sizes); i++) - { - /* The extra size is unitialized through realloc. */ - size_t l = sizes[i] > buf.length ? sizes[i] : buf.length; - void *r = scratch_buffer_dupfree (&buf, l); - void *c = xmalloc (l); - memset (c, '@', l); - TEST_COMPARE_BLOB (r, l, buf.data, l); - free (r); - free (c); - } - - scratch_buffer_free (&buf); + size_t l = 16 <= buf.length ? 16 : buf.length; + void *r = scratch_buffer_dupfree (&buf, l); + void *c = xmalloc (l); + memset (c, '@', l); + TEST_COMPARE_BLOB (r, l, c, l); + free (r); + free (c); } return 0; }