[PATCH v2] test-strnlen.c: Check that strnlen won't go beyond the maximum length

public inbox for libc-alpha@sourceware.org
 help / color / mirror / Atom feed

From: "H.J. Lu" <hjl.tools@gmail.com>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: "H.J. Lu via Libc-alpha" <libc-alpha@sourceware.org>
Subject: [PATCH v2] test-strnlen.c: Check that strnlen won't go beyond the maximum length
Date: Sat, 27 Mar 2021 11:09:32 -0700	[thread overview]
Message-ID: <CAMe9rOoZ1PtPWdFjEn0uU6BE2haG2frA=rmueYV4cOMk1hhpRw@mail.gmail.com> (raw)
In-Reply-To: <87ft0g8oz4.fsf@mid.deneb.enyo.de>

[-- Attachment #1: Type: text/plain, Size: 1335 bytes --]

On Sat, Mar 27, 2021 at 10:51 AM Florian Weimer <fw@deneb.enyo.de> wrote:
>
> * H. J. Lu via Libc-alpha:
>
> > Run strnlen tests on strings without the null byte around the page
> > boundary.
> > ---
> >  string/test-strnlen.c | 26 ++++++++++++++++++++++++++
> >  1 file changed, 26 insertions(+)
> >
> > diff --git a/string/test-strnlen.c b/string/test-strnlen.c
> > index 61eb521dc1..a49d93afa2 100644
> > --- a/string/test-strnlen.c
> > +++ b/string/test-strnlen.c
> > @@ -196,6 +196,31 @@ do_page_tests (void)
> >      }
> >  }
> >
> > +/* Tests meant to unveil fail on implementation that does not access bytes
> > +   without the null character around the page boundary accordingly.  */
>
> I don't understand the comment.  Based on it, I would have expected a
> null byte at the page boundary, which is incorrectly ignored by the
> implementation.

It places strings ending at page boundary without the null byte.  If an
implementation goes beyond EXP_LEN, it will trigger the segfault.

> > +static void
> > +do_page_2_tests (void)
> > +{
> > +  size_t i, exp_len, offset;
> > +  size_t last_offset = page_size / sizeof (CHAR);
> > +
> > +  CHAR *s = (CHAR *) buf2;
> > +  memset (s, 65, page_size);
>
> I think this needs to use wmemset for the WIDE case, see
> wcsmbs/test-wcsnlen.c.

Fixed.

Here is the v2 patch.

-- 
H.J.

[-- Attachment #2: v2-0001-test-strnlen.c-Check-that-strnlen-won-t-go-beyond.patch --]
[-- Type: text/x-patch, Size: 1605 bytes --]

From c5d32deca0a024784fa3d9743ddffe38b567ec8c Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Sat, 27 Mar 2021 09:06:39 -0700
Subject: [PATCH v2] test-strnlen.c: Check that strnlen won't go beyond the
 maximum length

Place strings ending at page boundary without the null byte.  If an
implementation goes beyond EXP_LEN, it will trigger the segfault.
---
 string/test-strnlen.c | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/string/test-strnlen.c b/string/test-strnlen.c
index 0293acbc71..d70faa26ab 100644
--- a/string/test-strnlen.c
+++ b/string/test-strnlen.c
@@ -198,6 +198,35 @@ do_page_tests (void)
     }
 }
 
+/* Tests meant to unveil fail on implementations that access bytes
+   beyond the maxium length.  */
+
+static void
+do_page_2_tests (void)
+{
+  size_t i, exp_len, offset;
+  size_t last_offset = page_size / sizeof (CHAR);
+
+  CHAR *s = (CHAR *) buf2;
+  MEMSET (s, 65, last_offset);
+
+  /* Place short strings ending at page boundary without the null
+     byte.  */
+  offset = last_offset;
+  for (i = 0; i < 128; i++)
+    {
+      /* Decrease offset to stress several sizes and alignments.  */
+      offset--;
+      exp_len = last_offset - offset;
+      FOR_EACH_IMPL (impl, 0)
+	{
+	  /* If an implementation goes beyond EXP_LEN, it will trigger
+	     the segfault.  */
+	  do_one_test (impl, (CHAR *) (s + offset), exp_len, exp_len);
+	}
+    }
+}
+
 int
 test_main (void)
 {
@@ -244,6 +273,7 @@ test_main (void)
 
   do_random_tests ();
   do_page_tests ();
+  do_page_2_tests ();
   return ret;
 }
 
-- 
2.30.2

next prev parent reply	other threads:[~2021-03-27 18:10 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-03-27 16:24 [PATCH] " H.J. Lu
2021-03-27 17:51 ` Florian Weimer
2021-03-27 18:09   ` H.J. Lu [this message]
2021-03-27 18:34     ` [PATCH v2] test-strnlen.c: " Florian Weimer
2022-01-27 17:09       ` H.J. Lu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAMe9rOoZ1PtPWdFjEn0uU6BE2haG2frA=rmueYV4cOMk1hhpRw@mail.gmail.com' \
    --to=hjl.tools@gmail.com \
    --cc=fw@deneb.enyo.de \
    --cc=libc-alpha@sourceware.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).