[PATCH v3] Fix off-by-one OOB write in iconv/tst-iconv-mt

public inbox for libc-alpha@sourceware.org
 help / color / mirror / Atom feed

From: Szabolcs Nagy <szabolcs.nagy@arm.com>
To: <libc-alpha@sourceware.org>
Subject: [PATCH v3] Fix off-by-one OOB write in iconv/tst-iconv-mt
Date: Mon, 2 Oct 2023 15:16:31 +0100	[thread overview]
Message-ID: <20231002141631.1882760-1-szabolcs.nagy@arm.com> (raw)

The iconv buffer sizes must not include the \0 string terminator.
And the output termination with *outbufpos = '\0' was OOB.

Consistently use non-null-terminated buffer sizes.

---
v2: dropped \0 and replaced strncmp with TEST_COMPARE_BLOB.
v3: unchanged. (rebase)
---
 iconv/tst-iconv-mt.c | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/iconv/tst-iconv-mt.c b/iconv/tst-iconv-mt.c
index e634eec1b7..8d7867b323 100644
--- a/iconv/tst-iconv-mt.c
+++ b/iconv/tst-iconv-mt.c
@@ -57,12 +57,13 @@ worker (void * arg)
   iconv_t cd;
 
   char ascii[] = CONV_INPUT;
+  size_t bytes = sizeof (CONV_INPUT) - 1;
   char *inbufpos = ascii;
-  size_t inbytesleft = sizeof (CONV_INPUT);
+  size_t inbytesleft = bytes;
 
-  char *utf8 = xcalloc (sizeof (CONV_INPUT), 1);
+  char *utf8 = xcalloc (bytes, 1);
   char *outbufpos = utf8;
-  size_t outbytesleft = sizeof (CONV_INPUT);
+  size_t outbytesleft = bytes;
 
   if (tidx < TCOUNT/2)
     /* The first half of the worker thread pool synchronize together here,
@@ -91,8 +92,6 @@ worker (void * arg)
                            &outbytesleft)
                     != (size_t) -1);
 
-  *outbufpos = '\0';
-
   xpthread_barrier_wait (&sync);
 
   TEST_VERIFY_EXIT (iconv_close (cd) == 0);
@@ -104,11 +103,7 @@ worker (void * arg)
   if (tidx < TCOUNT/2)
     xpthread_barrier_wait (&sync);
 
-  if (strncmp (utf8, CONV_INPUT, sizeof CONV_INPUT))
-    {
-      printf ("FAIL: thread %lx: invalid conversion output from iconv\n", tidx);
-      pthread_exit ((void *) (long int) 1);
-    }
+  TEST_COMPARE_BLOB (utf8, bytes, CONV_INPUT, bytes);
 
   pthread_exit (NULL);
 }
-- 
2.25.1

next             reply	other threads:[~2023-10-02 14:16 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-10-02 14:16 Szabolcs Nagy [this message]
2023-10-03 16:59 ` Adhemerval Zanella Netto

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20231002141631.1882760-1-szabolcs.nagy@arm.com \
    --to=szabolcs.nagy@arm.com \
    --cc=libc-alpha@sourceware.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).