[glib: 9/11] glib/tests/spawn-path-search: fix stack-buffer-overflow




commit 15ce3c9b37c2767c82de249e60781439c9abaf78
Author: Marc-André Lureau <marcandre lureau redhat com>
Date:   Tue May 17 15:01:04 2022 +0200

    glib/tests/spawn-path-search: fix stack-buffer-overflow
    
    ==24477==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffde020de20 at pc 0x7f2e6f6413f1 bp 
0x7ffde020c9d0 sp 0x7ffde020c180
    READ of size 4101 at 0x7ffde020de20 thread T0
        #0 0x7f2e6f6413f0 in __interceptor_strlen.part.0 (/lib64/libasan.so.8+0x4c3f0)
        #1 0x7f2e6ef4abee in g_build_path_va ../glib/gfileutils.c:1908
        #2 0x7f2e6f085956 in g_test_build_filename_va ../glib/gtestutils.c:4294
        #3 0x7f2e6f086684 in g_test_build_filename ../glib/gtestutils.c:4365
        #4 0x403a33 in test_search_path_heap_allocation ../glib/tests/spawn-path-search.c:422
        #5 0x7f2e6f0839a5 in test_case_run ../glib/gtestutils.c:2930
        #6 0x7f2e6f0839a5 in g_test_run_suite_internal ../glib/gtestutils.c:3018
        #7 0x7f2e6f0834ed in g_test_run_suite_internal ../glib/gtestutils.c:3035
        #8 0x7f2e6f084879 in g_test_run_suite ../glib/gtestutils.c:3112
        #9 0x7f2e6f084995 in g_test_run ../glib/gtestutils.c:2231
        #10 0x40145f in main ../glib/tests/spawn-path-search.c:488
        #11 0x7f2e6e31258f in __libc_start_call_main (/lib64/libc.so.6+0x2d58f)
        #12 0x7f2e6e312648 in __libc_start_main_alias_1 (/lib64/libc.so.6+0x2d648)
        #13 0x401524 in _start (/home/elmarco/src/gnome/glib/build/glib/tests/spawn-path-search+0x401524)
    
    Address 0x7ffde020de20 is located in stack of thread T0 at offset 4256 in frame
        #0 0x40387f in test_search_path_heap_allocation ../glib/tests/spawn-path-search.c:401
    
    Signed-off-by: Marc-André Lureau <marcandre lureau redhat com>

 glib/tests/spawn-path-search.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
---
diff --git a/glib/tests/spawn-path-search.c b/glib/tests/spawn-path-search.c
index 5008fc9608..221849d5c9 100644
--- a/glib/tests/spawn-path-search.c
+++ b/glib/tests/spawn-path-search.c
@@ -417,7 +417,8 @@ test_search_path_heap_allocation (void)
   if (skip_win32 ())
     return;
 
-  memset (placeholder, '_', sizeof (placeholder));
+  memset (placeholder, '_', sizeof (placeholder) - 1);
+  placeholder[sizeof (placeholder) - 1] = '\0';
   /* Force search_path_buffer to be heap-allocated */
   long_dir = g_test_build_filename (G_TEST_BUILT, "path-test-subdir", placeholder, NULL);
   long_path = g_strjoin (G_SEARCHPATH_SEPARATOR_S, subdir, long_dir, NULL);
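Review bot: The two added lines after the `skip_win32 ()` check reserve the last byte of `placeholder` for a terminator, but nothing in the code says why, so a later cleanup could fold them back into a full-buffer `memset`. A short comment above them would keep the invariant visible, for example `/* placeholder is passed to g_test_build_filename() as a C string, so it must be NUL-terminated */`. The fill is now one character shorter than before. Whether the resulting path is still long enough for the "Force search_path_buffer to be heap-allocated" comment to hold depends on the declared size of `placeholder`, which lies outside this hunk and is presumably large enough, but is worth confirming. The body of `test_search_path_heap_allocation` starts and ends outside the hunk.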

