[v3,28/29] posix: Use <support/next_to_fault.h> in tst-fnmatch3

Message ID 1ed97cb59a7a97c0648bf3b2d21185fdb41358ba.1727624528.git.fweimer@redhat.com
State Under Review
Delegated to: Adhemerval Zanella Netto
Series Teach glibc about possible page sizes and handle gaps in ld.so

Checks

Context                                            Check    Description
redhat-pt-bot/TryBot-apply_patch                   success  Patch applied to master at the time it was sent
linaro-tcwg-bot/tcwg_glibc_build--master-aarch64   success  Build passed
linaro-tcwg-bot/tcwg_glibc_check--master-aarch64   success  Test passed
linaro-tcwg-bot/tcwg_glibc_build--master-arm       success  Build passed
linaro-tcwg-bot/tcwg_glibc_check--master-arm       fail     Test failed

Commit Message

Florian Weimer Sept. 29, 2024, 4:45 p.m. UTC
This papers over GCC PR116884 because the triggering memset
is gone, and the strcpy call does not have bounds information
available.

Verified that the test still finds the original bug by
partially reverting commit c2c6d39fab901c97c18fa3a3a3658d9dc3f7df61
("Fix BZ 18036 buffer overflow (read past end of buffer) in
internal_fnmatch").
---
 posix/tst-fnmatch3.c | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)
  

Patch

diff --git a/posix/tst-fnmatch3.c b/posix/tst-fnmatch3.c
index 258ce035c4..ef51d7a0d4 100644
--- a/posix/tst-fnmatch3.c
+++ b/posix/tst-fnmatch3.c
@@ -20,22 +20,18 @@ 
 #include <sys/mman.h>
 #include <string.h>
 #include <unistd.h>
+#include <support/check.h>
+#include <support/next_to_fault.h>
 
-int
+void
 do_bz18036 (void)
 {
   const char p[] = "**(!()";
-  const int pagesize = getpagesize ();
-
-  char *pattern = mmap (0, 2 * pagesize, PROT_READ|PROT_WRITE,
-                        MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
-  if (pattern == MAP_FAILED) return 1;
-
-  mprotect (pattern + pagesize, pagesize, PROT_NONE);
-  memset (pattern, ' ', pagesize);
-  strcpy (pattern, p);
-
-  return fnmatch (pattern, p, FNM_EXTMATCH);
+  struct support_next_to_fault ntf
+    = support_next_to_fault_allocate (sizeof (p));
+  strcpy (ntf.buffer, p);
+  TEST_COMPARE (fnmatch (ntf.buffer, p, FNM_EXTMATCH), 0);
+  support_next_to_fault_free (&ntf);
 }
 
 int
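Review bot: the context lines at the top of this hunk still include <sys/mman.h> and <unistd.h>, but the mmap, mprotect and getpagesize calls they served are removed from do_bz18036; if nothing else in the file uses them, both includes can go. Separately, the reason for keeping `strcpy (ntf.buffer, p);` (the commit message says it avoids GCC PR116884 because strcpy has no bounds information) is recorded only in the commit message. A one-line comment above the strcpy would keep a later cleanup from reintroducing the trigger. It would also help to note in the function that sizeof (p) includes the terminating NUL, so the allocation is exactly the pattern plus its terminator and any read past it by fnmatch lands outside the buffer.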
@@ -45,7 +41,8 @@  do_test (void)
     return 1;
   if (fnmatch ("[a[.\0.]]", "a", 0) != FNM_NOMATCH)
     return 1;
-  return do_bz18036 ();
+  do_bz18036 ();
+  return 0;
 }
 
 #define TEST_FUNCTION do_test ()
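Review bot: with `do_bz18036 ();` followed by `return 0;`, do_test no longer propagates the BZ 18036 result itself; a mismatch is now only visible if the test driver turns the failure recorded by TEST_COMPARE into a non-zero exit status. The trailing context shows the older `#define TEST_FUNCTION do_test ()` convention, so please confirm the driver included after this line honours failures recorded through <support/check.h>. As a style point, the two fnmatch checks above still use `return 1`; converting them to TEST_COMPARE as well would make the function consistent and print the unexpected value when one fails.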