[v4,1/2] stdio-common: Add regression test [BZ #34008]

Message ID 20260405181821.475180-2-marocketbd@gmail.com (mailing list archive)
State New
Series stdio-common: Fix heap overflow in scanf %mc pattern [BZ #34008] |

Checks

Context Check Description
redhat-pt-bot/TryBot-apply_patch success Patch applied to master at the time it was sent
linaro-tcwg-bot/tcwg_glibc_build--master-aarch64 success Build passed
linaro-tcwg-bot/tcwg_glibc_build--master-arm success Build passed
linaro-tcwg-bot/tcwg_glibc_check--master-arm fail Test failed
linaro-tcwg-bot/tcwg_glibc_check--master-aarch64 fail Test failed

Commit Message

Rocket Ma April 5, 2026, 6:18 p.m. UTC
  * stdio-common/tst-vfscanf-bz34008.c: This separate regression test is
added to test if BZ #34008 is fixed.

Signed-off-by: Rocket Ma <marocketbd@gmail.com>
---
 stdio-common/Makefile              |  4 +++
 stdio-common/tst-vfscanf-bz34008.c | 48 ++++++++++++++++++++++++++++++
 2 files changed, 52 insertions(+)
 create mode 100644 stdio-common/tst-vfscanf-bz34008.c
  

Patch

diff --git a/stdio-common/Makefile b/stdio-common/Makefile
index 210944837e..0c0085e607 100644
--- a/stdio-common/Makefile
+++ b/stdio-common/Makefile
@@ -349,6 +349,7 @@  tests := \
   tst-vfprintf-user-type \
   tst-vfprintf-width-i18n \
   tst-vfprintf-width-prec-alloc \
+  tst-vfscanf-bz34008 \
   tst-wc-printf \
   tstdiomisc \
   tstgetln \
@@ -564,6 +565,9 @@  tst-printf-bz18872-ENV = MALLOC_TRACE=$(objpfx)tst-printf-bz18872.mtrace \
 tst-vfprintf-width-prec-ENV = \
   MALLOC_TRACE=$(objpfx)tst-vfprintf-width-prec.mtrace \
   LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so
+tst-vfscanf-bz34008-ENV = \
+  MALLOC_CHECK_=3 \
+  LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so
 tst-printf-bz25691-ENV = \
   MALLOC_TRACE=$(objpfx)tst-printf-bz25691.mtrace \
   LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so
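Review bot: Heap checking for this test is set up in two places, `MALLOC_CHECK_=3` in this block and a `mcheck_pedantic (NULL)` call at the top of do_test in tst-vfscanf-bz34008.c, and only this block is certain to take effect. mcheck is documented as needing to be called before the first malloc, and the test driver has probably already allocated by the time do_test runs, so that call likely fails with its return value ignored. I would keep this environment block as the single detection mechanism and drop the in-test call. A one-line comment above the block would record why it is needed, for example `# malloc-check turns the BZ #34008 out-of-bounds write into a test abort.`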
diff --git a/stdio-common/tst-vfscanf-bz34008.c b/stdio-common/tst-vfscanf-bz34008.c
new file mode 100644
index 0000000000..af746821fb
--- /dev/null
+++ b/stdio-common/tst-vfscanf-bz34008.c
@@ -0,0 +1,48 @@ 
+/* Regression test for vfscanf %Nmc out-of-bound write (BZ #34008)
+   Copyright (C) 2012-2026 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include "malloc/mcheck.h"
+#include <stddef.h>
+#include <stdio.h>
+#include <string.h>
+#include <wchar.h>
+#include <stdlib.h>
+#include <malloc.h>
+#include <support/check.h>
+
+#define WIDTH 0x410
+#define SCANFSTR "%1040mc"
+static int
+do_test (void)
+{
+  mcheck_pedantic (NULL);
+  char *input = malloc (WIDTH + 1);
+  TEST_VERIFY (input != NULL);
+  memset (input, 'A', WIDTH);
+  input[WIDTH] = '\0';
+
+  char *buf = NULL;
+  TEST_VERIFY (sscanf (input, SCANFSTR, &buf) != -1);
+  TEST_VERIFY (buf != NULL);
+
+  free (buf);
+  free (input);
+  return 0;
+}
+
+#include <support/test-driver.c>
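Review bot: `TEST_VERIFY (sscanf (input, SCANFSTR, &buf) != -1)` also passes when sscanf returns 0, so do_test never confirms that the conversion happened or that all WIDTH bytes were stored. Compare the return value with 1 and compare the buffer with the input; `%mc` stores no terminating NUL, so that comparison has to be length-bounded. `TEST_VERIFY (input != NULL)` records the failure but continues into memset on a null pointer, so TEST_VERIFY_EXIT fits better there. WIDTH (0x410) and the 1040 in SCANFSTR are the same number written twice and can drift apart, which deserves a comment next to the two defines. `<stddef.h>` and `<wchar.h>` look unused.

```c
  char *input = malloc (WIDTH + 1);
  TEST_VERIFY_EXIT (input != NULL);
  /* … unchanged: fill input with WIDTH 'A' bytes and terminate it … */

  char *buf = NULL;
  TEST_COMPARE (sscanf (input, SCANFSTR, &buf), 1);
  TEST_VERIFY_EXIT (buf != NULL);
  /* %mc stores exactly WIDTH bytes and no terminating NUL.  */
  TEST_COMPARE_BLOB (buf, WIDTH, input, WIDTH);
  /* … unchanged: free buf and input, return 0 … */
```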