From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-out.m-online.net (mail-out.m-online.net [212.18.0.10]) by sourceware.org (Postfix) with ESMTPS id ECCAB3858C31; Fri, 14 Apr 2023 06:52:54 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org ECCAB3858C31 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=linux-m68k.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=nefkom.net Received: from frontend01.mail.m-online.net (unknown [192.168.8.182]) by mail-out.m-online.net (Postfix) with ESMTP id 4PyRwP6rTSz1s94H; Fri, 14 Apr 2023 08:52:53 +0200 (CEST) Received: from localhost (dynscan1.mnet-online.de [192.168.6.70]) by mail.m-online.net (Postfix) with ESMTP id 4PyRwP324Kz1qqlW; Fri, 14 Apr 2023 08:52:53 +0200 (CEST) X-Virus-Scanned: amavisd-new at mnet-online.de Received: from mail.mnet-online.de ([192.168.8.182]) by localhost (dynscan1.mail.m-online.net [192.168.6.70]) (amavisd-new, port 10024) with ESMTP id 9vuk85F4iGHQ; Fri, 14 Apr 2023 08:52:52 +0200 (CEST) X-Auth-Info: tJIa28a2geLHXCfLm9Dls0zR8uEqNlohMOzfYrWlacxFDCCu9K1/qALfqt1sYY4t Received: from tiger.home (aftr-82-135-86-95.dynamic.mnet-online.de [82.135.86.95]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail.mnet-online.de (Postfix) with ESMTPSA; Fri, 14 Apr 2023 08:52:52 +0200 (CEST) Received: by tiger.home (Postfix, from userid 1000) id 1CD3218D935; Fri, 14 Apr 2023 08:52:52 +0200 (CEST) From: Andreas Schwab To: Adhemerval Zanella via Glibc-cvs Cc: Adhemerval Zanella Subject: Re: [glibc] malloc: Assure that THP mode is always null terminated In-Reply-To: <20230413201833.21C0C3858D20@sourceware.org> (Adhemerval Zanella via Glibc-cvs's message of "Thu, 13 Apr 2023 20:18:33 +0000 (GMT)") References: <20230413201833.21C0C3858D20@sourceware.org> X-Yow: LOU GRANT froze my ASSETS!! Date: Fri, 14 Apr 2023 08:52:52 +0200 Message-ID: <87fs93lzuj.fsf@linux-m68k.org> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Status: No, score=-8.2 required=5.0 tests=BAYES_00,GIT_PATCH_0,HEADER_FROM_DIFFERENT_DOMAINS,KAM_DMARC_STATUS,RCVD_IN_BARRACUDACENTRAL,RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On Apr 13 2023, Adhemerval Zanella via Glibc-cvs wrote: > diff --git a/sysdeps/unix/sysv/linux/malloc-hugepages.c b/sysdeps/unix/sysv/linux/malloc-hugepages.c > index 683d68c327..740027ebfb 100644 > --- a/sysdeps/unix/sysv/linux/malloc-hugepages.c > +++ b/sysdeps/unix/sysv/linux/malloc-hugepages.c > @@ -61,6 +61,7 @@ __malloc_thp_mode (void) > > char str[sizeof(mode_always)]; > ssize_t s = __read_nocancel (fd, str, sizeof (str)); > + str[s] = '\0'; This is a buffer overflow if s >= sizeof (str) or s < 0. -- Andreas Schwab, schwab@linux-m68k.org GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510 2552 DF73 E780 A9DA AEC1 "And now for something completely different."