Message ID | b4ecb76a1c47dfac8344706e365686bd2620affe.1666877952.git.szabolcs.nagy@arm.com |
---|---|
State | Superseded |
Headers |
Return-Path: <libc-alpha-bounces+patchwork=sourceware.org@sourceware.org> X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 9E8303829BF2 for <patchwork@sourceware.org>; Thu, 27 Oct 2022 15:37:51 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 9E8303829BF2 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1666885071; bh=Gif0sWXhROUG1GWvzhZEFPQlTih9FOhU8jNB9HGCQIs=; h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=JboUp5zIVSOKhuOCVR7paaQsFTkn8KoJyYDBjTLVHwrccU7J2c4pNZ1LpFEkK2kXE YBlQeEEqfp8+tpyExcSmcmEZKfMuG3NOHsbuT/NRRHidKN156D/nlrVV9bBmA72gmZ r0JWrtBpRZmGeB9Wy8P3x8FX6qSjdH+4W3lfLiAo= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from EUR03-DBA-obe.outbound.protection.outlook.com (mail-dbaeur03on2084.outbound.protection.outlook.com [40.107.104.84]) by sourceware.org (Postfix) with ESMTPS id B11F0385151B for <libc-alpha@sourceware.org>; Thu, 27 Oct 2022 15:33:48 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org B11F0385151B ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=AmlrlGdgn9GIt9q7BQbO6xz9AMyAwriShv8U0xFmAovs/X5yhskmDRmR+XQ+P0T5/F6ZPRS4K2STwW25SWpoWH8SZnVGoYNIJvv48i8ydOgG5Fg0wSGjk54gC3DWXhNiZ2BArcuLQDYwJPdTtYcu1iLqP1eT5aaiJyLcQOi1YfH/LH9XfEvETIDXZm2+fdZmt300M7/9NtH+A1XLrzZVERI0Fsi2v3qqH6JwcsBjN6OL0yooCic9TtXEOwgDSKlLHNpTAaj9NQ22iJCuhz0SPoLyAd/bHvUA9RqRDpYx2Q0vB2nvKbRS58uL1UYLSTzOjc4ZH2tYCtoUXvQW150/3w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Gif0sWXhROUG1GWvzhZEFPQlTih9FOhU8jNB9HGCQIs=; b=OmzNIRmvIGcn67mwTo+nvLIu9CeG822Qac1gFLYt5DdP8OzHzsDkzYFJn2u3FkOJ0yT+KJw0n1Ern50Qz4qhg6hdCijl/q0bGvP8OhuFupgZ3HsIWItRTCCMPSptQBUxw1DtG629KCBTFiQOe8sGwrKqYiVf64QZkkTFY3k2wGNYWswAzm31iD7VxoLriaYfaZzgiUtraUuGOu6D63PGRGVMXCgSWhNnIGseayS/TGyNxbi7kxxKfRvZIDWuXtYAfHCAZqALKnxnXio6MUHkdJGoA9+prEu8ebkm67v53zt1HkIezmACPL2JPEYu9KiCREURMZ0JV3WIykzcQGbL9A== ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=sourceware.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com; arc=pass (0 oda=1 ltdi=1 spf=[1, 1, smtp.mailfrom=arm.com] dmarc=[1, 1, header.from=arm.com]) Received: from DU2PR04CA0162.eurprd04.prod.outlook.com (2603:10a6:10:2b0::17) by DBBPR08MB5962.eurprd08.prod.outlook.com (2603:10a6:10:202::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.29; Thu, 27 Oct 2022 15:33:46 +0000 Received: from DBAEUR03FT059.eop-EUR03.prod.protection.outlook.com (2603:10a6:10:2b0:cafe::a9) by DU2PR04CA0162.outlook.office365.com (2603:10a6:10:2b0::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.23 via Frontend Transport; Thu, 27 Oct 2022 15:33:46 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; pr=C Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by DBAEUR03FT059.mail.protection.outlook.com (100.127.142.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.14 via Frontend Transport; Thu, 27 Oct 2022 15:33:46 +0000 Received: ("Tessian outbound b4aebcc5bc64:v130"); Thu, 27 Oct 2022 15:33:46 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: c2a68d14b5087567 X-CR-MTA-TID: 64aa7808 Received: from e1d654550a55.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id E4E7F4DA-8937-424B-B000-DED55FB3A69C.1; Thu, 27 Oct 2022 15:33:39 +0000 Received: from EUR03-AM7-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id e1d654550a55.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Thu, 27 Oct 2022 15:33:39 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ntwGXgvqNChc50X493dZfQD3ZDb4j3U8cmXZkgGBCv5HATTkMRDyN4GUI/8YdhkaZ3+lRJp+gBZx/EPZA2Q2ZNYGm74AKneiJYf3sG+6F4tTr6VrPgqxY9qK/IcrxmJZFEC9mUayWO2ych933ZzuepblqUxPDGm1otAcok4/RGWMjlpqyz2s7AlPUgFQKAKdFrYJ4ZNagztfTr9OUyp7c0paIBwhOaqsYggl3oOBNJ16n2HafZmyki8EVhpoBvA59nJb37gUnGMTPz/aexIy5aqHBQePU05Jbbs2zN7MSeTdwNy9ZuKJyCPVjb8UP07QrqHPXUJSxlGUucvy9uLI4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Gif0sWXhROUG1GWvzhZEFPQlTih9FOhU8jNB9HGCQIs=; b=QT1/i0IeejdylFTmURaQc9xe43A7l2iOI276xRVf33RJwFbBh3cWKdEgu+NM47nUBt17qp8IzoNCYAr9rQ7sAmaKwgbr86btzJoBpxhUMbHtT+wZvnquyAVP+yhpsw3B0nX78hMo76m7jWwNBUFe04ZTcDqb1b2BFRdTcHTPsfkNjKDmd+agY8l9viXxx3SptHSPY9oMksQFRbvzxNcDmdJzpZGBnGVDC43LJxIbJ7wGHt1RsaGuc0HPGgBbUXOKH3rF3wZbmWiJ2NM9mF/PBr5Bbh1o/nRofIPJkNcHDBetZ3tJNBBAg94evLv8A3A7ls3TT9cXSY9MeFNg9N0fyw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 40.67.248.234) smtp.rcpttodomain=sourceware.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=none (message not signed); arc=none Received: from AM6P195CA0081.EURP195.PROD.OUTLOOK.COM (2603:10a6:209:86::22) by DBAPR08MB5718.eurprd08.prod.outlook.com (2603:10a6:10:1a9::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.28; Thu, 27 Oct 2022 15:33:37 +0000 Received: from AM7EUR03FT032.eop-EUR03.prod.protection.outlook.com (2603:10a6:209:86:cafe::c0) by AM6P195CA0081.outlook.office365.com (2603:10a6:209:86::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.28 via Frontend Transport; Thu, 27 Oct 2022 15:33:37 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 40.67.248.234) smtp.mailfrom=arm.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 40.67.248.234 as permitted sender) receiver=protection.outlook.com; client-ip=40.67.248.234; helo=nebula.arm.com; pr=C Received: from nebula.arm.com (40.67.248.234) by AM7EUR03FT032.mail.protection.outlook.com (100.127.140.65) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.5746.16 via Frontend Transport; Thu, 27 Oct 2022 15:33:37 +0000 Received: from AZ-NEU-EX03.Arm.com (10.251.24.31) by AZ-NEU-EX03.Arm.com (10.251.24.31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.12; Thu, 27 Oct 2022 15:33:37 +0000 Received: from armchair.cambridge.arm.com (10.2.80.71) by mail.arm.com (10.251.24.31) with Microsoft SMTP Server id 15.1.2507.12 via Frontend Transport; Thu, 27 Oct 2022 15:33:36 +0000 To: <libc-alpha@sourceware.org> Subject: [PATCH 16/20] Fix malloc/tst-scratch_buffer OOB access Date: Thu, 27 Oct 2022 16:33:36 +0100 Message-ID: <b4ecb76a1c47dfac8344706e365686bd2620affe.1666877952.git.szabolcs.nagy@arm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <cover.1666877952.git.szabolcs.nagy@arm.com> References: <cover.1666877952.git.szabolcs.nagy@arm.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-EOPAttributedMessage: 1 X-MS-TrafficTypeDiagnostic: AM7EUR03FT032:EE_|DBAPR08MB5718:EE_|DBAEUR03FT059:EE_|DBBPR08MB5962:EE_ X-MS-Office365-Filtering-Correlation-Id: d7faaca8-a27b-49af-d051-08dab830a359 x-checkrecipientrouted: true NoDisclaimer: true X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: s/484bnvUNQYUt+LqkSb02nr8T5EdcSp95mIuy+uEQg0GtyGLJH9qxf5CCPIXd6LV9h8c0Cc1w8csqLCoy8lKpn5I/rqdNYZKlq1S/vVp6ZKj2OYTEL2eHTgp+/495XOsJNoUZOKvVZaIjRKNTwWzMiHCdQt5iTFcEYbKGJex91HOwgbvuL4uas81DuTr4zaG88NAHdyBNGS3VacK989aRlj4TNSP5fEvq83ntvmifLoinISlvSAjRqL4WeXi1ChYCNfQvs6NoxkeRVxwcp+nl46ZuN4BZAEVcqukV8DEZmwsOajYdg4etihi4zviw6TBLYOY41wImMyam4aTitidOqaDvztpoPA7ye6HO7PsLQv+jttkjBBoRq8BsKnF+xZYnoYdVJ/qxUrUlVZSIt7vi8qYyXISjhSrlWMbkhn/JpUHkOomHFL4sR+X3izgw9fMUqHJ0XrYoSBWapd42r0Xo4tw3/b+tMlJNWgAKlx2Sb72GMZCT9Bys9kCc0jpDhFlHiQTvEZBQBEqPrS/f0hQHp0SFSGhcUCffbQlRX8UzRUSUTfIAhsOR83b5D0KU1tkg/V2UiYHhLhCMDMySWRlKfxjLWOAXcgrITak+vPvrlJyse7kns6iHZkxMwk4YQYOPOmr7gmnAlezL0o4pdm9f/NskoWEYB5GiDe6KiI24KnsO1ajhm365iSMPu1TWnVGmU6KemRwnFRTW42ClpW7FFzuWLgE/ddP6a9eMDPKdg5lnj2qVr7cjHDg/p4tlNviye4aV9XnuGH3C7rV0JL/jd+NfzQfE1J5b1IEsxtJh0cTm88QPjcHnLjNOmDWRbP X-Forefront-Antispam-Report-Untrusted: CIP:40.67.248.234; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:nebula.arm.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230022)(4636009)(346002)(396003)(376002)(39860400002)(136003)(451199015)(36840700001)(40470700004)(46966006)(83380400001)(186003)(2616005)(36860700001)(336012)(47076005)(26005)(426003)(82310400005)(2906002)(82740400003)(5660300002)(6916009)(36756003)(316002)(7696005)(41300700001)(86362001)(70586007)(40460700003)(8936002)(40480700001)(70206006)(81166007)(478600001)(8676002)(356005)(44832011)(36900700001); DIR:OUT; SFP:1101; X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBAPR08MB5718 X-MS-Exchange-Transport-CrossTenantHeadersStripped: DBAEUR03FT059.eop-EUR03.prod.protection.outlook.com X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id-Prvs: ba96de97-a8e2-4f74-0031-08dab8309de4 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: TnVh09aKvHs8mKRfHx5AwqXjENy8qHCEVoUvZr57snpBn4fcb+ZJUfUJNrnOyCAYTMm77620WyyqrcmxeYXgaFrrK8L6ydpcx/gQKgyiQX59po8P4BzjRsw5yzcNFyvVydLPinHFK3IRCeDVcmbR3ZUcUKke/OHc+oUoHO8qCaVsXS0Akf8mdYXiilPWtJAIYdM4VRXyxFMW2L0p9dkmSIPsG1PoVC2ouV8cQvhb+4XjfQDqNwFL8AGuwiu9UGVxMxHUCLAsG0m7Nrzt+5oE0JlsZaZxRCinwu8PowPlTE6cV/GUf7xp59qDDxsddDYGNtfplv2GF89iNtCFo8160pM8jaSJZl+lm/DOvpx315LAz/jU3eIMvrxvWN6CAjUoG4KMlx9k0n61EeScPePzJdRBv8gDjndHVwl1MMUwmt8573QproKIwpDYZqd3Y08iqJQ1YsHqQoGPpI/YXg3bFZh087U1XglakjawCGfgth2aRuCt5r1v20yLNPFvMAjILqqAND+FcwLYVdEuDyY0OYs0R8Aq+jcgEdxMrx8cbTBRa7MR/PyzwzvP9+9oIBeORmNLoV0WK6hyFRVIsfbdwUKpZgF+TfKiVjGSCWW/qqInIpQhvlEB10LxhrnBJMhLFNve1DbDbClW2L13RxBNaJVgVdYA+I4goldbGRfWjmhQoT19kdhA2UVGvUXV8SCntbIpm7f/3Mhi6zsCdaW+eXjTCfuhSf9NcOpYTDcwlHN60c7KTKl98hq3lBAV7cwnucQXEgIg6GZQVa+/LbIC/A== X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(13230022)(4636009)(396003)(346002)(39860400002)(136003)(376002)(451199015)(36840700001)(40470700004)(46966006)(44832011)(2616005)(40460700003)(2906002)(5660300002)(41300700001)(186003)(336012)(36860700001)(478600001)(8936002)(70586007)(70206006)(316002)(6916009)(82310400005)(426003)(47076005)(86362001)(8676002)(83380400001)(26005)(40480700001)(82740400003)(7696005)(36756003)(81166007); DIR:OUT; SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Oct 2022 15:33:46.4703 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: d7faaca8-a27b-49af-d051-08dab830a359 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: DBAEUR03FT059.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBBPR08MB5962 X-Spam-Status: No, score=-12.4 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, GIT_PATCH_0, KAM_DMARC_NONE, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_NONE, TXREP, UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org> List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>, <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe> List-Archive: <https://sourceware.org/pipermail/libc-alpha/> List-Post: <mailto:libc-alpha@sourceware.org> List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help> List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>, <mailto:libc-alpha-request@sourceware.org?subject=subscribe> From: Szabolcs Nagy via Libc-alpha <libc-alpha@sourceware.org> Reply-To: Szabolcs Nagy <szabolcs.nagy@arm.com> Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" <libc-alpha-bounces+patchwork=sourceware.org@sourceware.org> |
Series |
patches from the morello port
|
|
Checks
Context | Check | Description |
---|---|---|
dj/TryBot-apply_patch | success | Patch applied to master at the time it was sent |
Commit Message
Szabolcs Nagy
Oct. 27, 2022, 3:33 p.m. UTC
The test used scratch_buffer_dupfree incorrectly: - The passed in size must be <= buf.length. - Must be called at most once on a buf object since it frees it. - After it is called buf.data and buf.length must not be accessed. All of these were violated, the test happened to work because the buffer was on the stack, which meant the test copied out-of-bounds bytes from the stack into a new buffer and then compared those bytes. Run one test and avoid the issues above. --- malloc/tst-scratch_buffer.c | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-)
Comments
* Szabolcs Nagy via Libc-alpha: test used scratch_buffer_dupfree incorrectly: > > - The passed in size must be <= buf.length. > - Must be called at most once on a buf object since it frees it. > - After it is called buf.data and buf.length must not be accessed. > > All of these were violated, the test happened to work because the > buffer was on the stack, which meant the test copied out-of-bounds > bytes from the stack into a new buffer and then compared those bytes. > > Run one test and avoid the issues above. > --- > malloc/tst-scratch_buffer.c | 22 +++++++--------------- > 1 file changed, 7 insertions(+), 15 deletions(-) > > diff --git a/malloc/tst-scratch_buffer.c b/malloc/tst-scratch_buffer.c > index 9fcb11ba2c..60a513ccc6 100644 > --- a/malloc/tst-scratch_buffer.c > +++ b/malloc/tst-scratch_buffer.c > @@ -155,21 +155,13 @@ do_test (void) > struct scratch_buffer buf; > scratch_buffer_init (&buf); > memset (buf.data, '@', buf.length); > - > - size_t sizes[] = { 16, buf.length, buf.length + 16 }; > - for (int i = 0; i < array_length (sizes); i++) > - { > - /* The extra size is unitialized through realloc. */ > - size_t l = sizes[i] > buf.length ? sizes[i] : buf.length; > - void *r = scratch_buffer_dupfree (&buf, l); > - void *c = xmalloc (l); > - memset (c, '@', l); > - TEST_COMPARE_BLOB (r, l, buf.data, l); > - free (r); > - free (c); > - } > - > - scratch_buffer_free (&buf); > + size_t l = 16 <= buf.length ? 16 : buf.length; > + void *r = scratch_buffer_dupfree (&buf, l); > + void *c = xmalloc (l); > + memset (c, '@', l); > + TEST_COMPARE_BLOB (r, l, c, l); > + free (r); > + free (c); > } > return 0; > } I think we should keep the test loop, but create a new scratch buffer on each iteration. Thanks, Florian
The 10/28/2022 07:41, Florian Weimer wrote: > * Szabolcs Nagy via Libc-alpha: > > test used scratch_buffer_dupfree incorrectly: > > > > - The passed in size must be <= buf.length. > > - Must be called at most once on a buf object since it frees it. > > - After it is called buf.data and buf.length must not be accessed. > > > > All of these were violated, the test happened to work because the > > buffer was on the stack, which meant the test copied out-of-bounds > > bytes from the stack into a new buffer and then compared those bytes. > > > > Run one test and avoid the issues above. > > --- > > malloc/tst-scratch_buffer.c | 22 +++++++--------------- > > 1 file changed, 7 insertions(+), 15 deletions(-) > > > > diff --git a/malloc/tst-scratch_buffer.c b/malloc/tst-scratch_buffer.c > > index 9fcb11ba2c..60a513ccc6 100644 > > --- a/malloc/tst-scratch_buffer.c > > +++ b/malloc/tst-scratch_buffer.c > > @@ -155,21 +155,13 @@ do_test (void) > > struct scratch_buffer buf; > > scratch_buffer_init (&buf); > > memset (buf.data, '@', buf.length); > > - > > - size_t sizes[] = { 16, buf.length, buf.length + 16 }; > > - for (int i = 0; i < array_length (sizes); i++) > > - { > > - /* The extra size is unitialized through realloc. */ > > - size_t l = sizes[i] > buf.length ? sizes[i] : buf.length; > > - void *r = scratch_buffer_dupfree (&buf, l); > > - void *c = xmalloc (l); > > - memset (c, '@', l); > > - TEST_COMPARE_BLOB (r, l, buf.data, l); > > - free (r); > > - free (c); > > - } > > - > > - scratch_buffer_free (&buf); > > + size_t l = 16 <= buf.length ? 16 : buf.length; > > + void *r = scratch_buffer_dupfree (&buf, l); > > + void *c = xmalloc (l); > > + memset (c, '@', l); > > + TEST_COMPARE_BLOB (r, l, c, l); > > + free (r); > > + free (c); > > } > > return 0; > > } > > I think we should keep the test loop, but create a new scratch buffer on > each iteration. given the documentation of scratch_buffer_dupfree i don't see how the test supposed to work with sizes > buf.length or what's the point of this loop.
* Szabolcs Nagy: >> I think we should keep the test loop, but create a new scratch buffer on >> each iteration. > > given the documentation of scratch_buffer_dupfree > i don't see how the test supposed to work with > sizes > buf.length or what's the point of this loop. Hmph. Let's just remove it. It's unused anyway. Should I send a patch, or do you want to do it? Thanks, Florian
The 10/28/2022 13:30, Florian Weimer via Libc-alpha wrote: > * Szabolcs Nagy: > > >> I think we should keep the test loop, but create a new scratch buffer on > >> each iteration. > > > > given the documentation of scratch_buffer_dupfree > > i don't see how the test supposed to work with > > sizes > buf.length or what's the point of this loop. > > Hmph. Let's just remove it. It's unused anyway. Should I send a > patch, or do you want to do it? i think my original patch makes sense that at least has one scratch_buffer_dupfree test. or do you prefer to remove this bit completely?
* Szabolcs Nagy: > The 10/28/2022 13:30, Florian Weimer via Libc-alpha wrote: >> * Szabolcs Nagy: >> >> >> I think we should keep the test loop, but create a new scratch buffer on >> >> each iteration. >> > >> > given the documentation of scratch_buffer_dupfree >> > i don't see how the test supposed to work with >> > sizes > buf.length or what's the point of this loop. >> >> Hmph. Let's just remove it. It's unused anyway. Should I send a >> patch, or do you want to do it? > > i think my original patch makes sense that at least has > one scratch_buffer_dupfree test. > > or do you prefer to remove this bit completely? Sorry I meant we should remove scratch_buffer_dupfree along with its test because it's unused after commit ef0700004bf0dccf493a5e8e21f71d9e7972ea9f ("stdlib: Sync canonicalize with gnulib [BZ #10635] [BZ #26592] [BZ #26341] [BZ #24970]"). Thanks, Florian
diff --git a/malloc/tst-scratch_buffer.c b/malloc/tst-scratch_buffer.c index 9fcb11ba2c..60a513ccc6 100644 --- a/malloc/tst-scratch_buffer.c +++ b/malloc/tst-scratch_buffer.c @@ -155,21 +155,13 @@ do_test (void) struct scratch_buffer buf; scratch_buffer_init (&buf); memset (buf.data, '@', buf.length); - - size_t sizes[] = { 16, buf.length, buf.length + 16 }; - for (int i = 0; i < array_length (sizes); i++) - { - /* The extra size is unitialized through realloc. */ - size_t l = sizes[i] > buf.length ? sizes[i] : buf.length; - void *r = scratch_buffer_dupfree (&buf, l); - void *c = xmalloc (l); - memset (c, '@', l); - TEST_COMPARE_BLOB (r, l, buf.data, l); - free (r); - free (c); - } - - scratch_buffer_free (&buf); + size_t l = 16 <= buf.length ? 16 : buf.length; + void *r = scratch_buffer_dupfree (&buf, l); + void *c = xmalloc (l); + memset (c, '@', l); + TEST_COMPARE_BLOB (r, l, c, l); + free (r); + free (c); } return 0; }