From patchwork Fri Sep 1 18:37:03 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paul Pluzhnikov X-Patchwork-Id: 22565 Received: (qmail 10602 invoked by alias); 1 Sep 2017 18:37:41 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 10589 invoked by uid 89); 1 Sep 2017 18:37:41 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-25.1 required=5.0 tests=AWL, BAYES_00, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, RCVD_IN_DNSWL_NONE, RCVD_IN_SORBS_SPAM, RP_MATCHES_RCVD, SPF_PASS autolearn=ham version=3.3.2 spammy= X-HELO: mail-ua0-f174.google.com X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ysL5vhsjbUy7TpAWF37kiWWVS9D1k216VCtBZZ5I0mw=; b=cZI6jwz74n7EGDFB0Xi5qBpk6sZkRREvPfLUCXxDju67OsxVSgLEEHM4Wqr/ghjqe9 XWXRuwSkLHtASsEiZLRGYthLmw+DYnFPJvXfFEU1IN18ysWqzv+NUab/su6tuDj9EMi+ Su2TNfCoTl7/WRHZat+vyVgvV8NSLRMz6lHRbbpMZQL8xuW25VVeGsfGBUDJlhcZQfTe kurHlkpsoGyP8+K2RbbWdNiBltKCaPgScaBfUJLrh+XrZscSCtzFvXDlGgvm00udQTrp R9eLe6F/SUOygOTk9SiVwfsrJpG2uz86nSVLcLUTjxSxdHXiab/8v4cE6POu0r6aQYvk CAoA== X-Gm-Message-State: AHPjjUh1rPdFcxxW+c1HIqIJt5LmTBfJildcYKjvIdC5IJ7+RNY2IrBq GkhXMeGqmEV3K1eYBmRZEBZJLxGP+dhG X-Google-Smtp-Source: ADKCNb5TnFlX4A0gtCinFHT+5xMW7xZ4gj7Pa5eVeC9fvJuNpZDgzbanteCY7aLlm//KmXTTiMYWBpEZLJHoHNmbn6E= X-Received: by 10.176.26.173 with SMTP id j45mr1902288uai.33.1504291054167; Fri, 01 Sep 2017 11:37:34 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: References: From: Paul Pluzhnikov Date: Fri, 1 Sep 2017 11:37:03 -0700 Message-ID: Subject: Re: [PATCH] Extend tst-{atexit, at_quick_exit, cxa_atexit, onexit} to verify minimum number of supported handlers To: "H.J. Lu" Cc: GLIBC Devel On Fri, Sep 1, 2017 at 11:03 AM, H.J. Lu wrote: > It failed on Linux/i686: The "crumbs" buffer was not sized correctly, and I had global buffer overflow: ==71453==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000006023c0 at pc 0x000000400e84 bp 0x7ffe059dc370 sp 0x7ffe059dc368 WRITE of size 1 at 0x0000006023c0 thread T0 #0 0x400e83 in fn1 ../stdlib/tst-atexit-common.c:53 #1 0x7ff8af2da1a8 (/lib/x86_64-linux-gnu/libc.so.6+0x3c1a8) #2 0x7ff8af2da1f4 in exit (/lib/x86_64-linux-gnu/libc.so.6+0x3c1f4) #3 0x400bf5 in do_test ../stdlib/tst-atexit-common.c:140 #4 0x400bf5 in main ../stdlib/tst-atexit-common.c:143 #5 0x7ff8af2bff44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) #6 0x400d39 (/glibc-git/stdlib/a.out+0x400d39) 0x0000006023c0 is located 0 bytes to the right of global variable 'crumbs' defined in '../stdlib/tst-atexit-common.c:33:13' (0x6023a0) of size 32 Sorry about that. Committed attached fix. diff --git a/stdlib/tst-atexit-common.c b/stdlib/tst-atexit-common.c index d6dcf08cdd..9ab8c1aea5 100644 --- a/stdlib/tst-atexit-common.c +++ b/stdlib/tst-atexit-common.c @@ -30,7 +30,10 @@ check that we support at least the minimum required. */ #define MAX_ATEXIT 32 -static char crumbs[MAX_ATEXIT]; +/* Arbitrary sequence matching current registrations. */ +const char expected[] = "00000000000000000000000003021121130211"; + +static char crumbs[sizeof (expected)]; static int next_slot = 0; /* Helper: flush stdout and _exit. */ @@ -71,9 +74,6 @@ fn3 (void) static void fn_final (void) { - /* Arbitrary sequence matching current registrations. */ - const char expected[] = "00000000000000000000000003021121130211"; - if (strcmp (crumbs, expected) == 0) _exit_with_flush (0);