Date: Fri, 28 Oct 2022 12:24:00 +0100
From: Szabolcs Nagy
To: Florian Weimer
Cc: Szabolcs Nagy via Libc-alpha
Subject: Re: [PATCH 16/20] Fix malloc/tst-scratch_buffer OOB access

The 10/28/2022 07:41, Florian Weimer wrote:
> * Szabolcs Nagy via Libc-alpha:
> > test used scratch_buffer_dupfree incorrectly:
> >
> > - The passed in size must be <= buf.length.
> > - Must be called at most once on a buf object since it frees it.
> > - After it is called buf.data and buf.length must not be accessed.
> >
> > All of these were violated, the test happened to work because the
> > buffer was on the stack, which meant the test copied out-of-bounds
> > bytes from the stack into a new buffer and then compared those bytes.
> >
> > Run one test and avoid the issues above.
> > --- > > malloc/tst-scratch_buffer.c | 22 +++++++--------------- > > 1 file changed, 7 insertions(+), 15 deletions(-) > > > > diff --git a/malloc/tst-scratch_buffer.c b/malloc/tst-scratch_buffer.c > > index 9fcb11ba2c..60a513ccc6 100644 > > --- a/malloc/tst-scratch_buffer.c > > +++ b/malloc/tst-scratch_buffer.c > > @@ -155,21 +155,13 @@ do_test (void) > > struct scratch_buffer buf; > > scratch_buffer_init (&buf); > > memset (buf.data, '@', buf.length); > > - > > - size_t sizes[] = { 16, buf.length, buf.length + 16 }; > > - for (int i = 0; i < array_length (sizes); i++) > > - { > > - /* The extra size is unitialized through realloc. */ > > - size_t l = sizes[i] > buf.length ? sizes[i] : buf.length; > > - void *r = scratch_buffer_dupfree (&buf, l); > > - void *c = xmalloc (l); > > - memset (c, '@', l); > > - TEST_COMPARE_BLOB (r, l, buf.data, l); > > - free (r); > > - free (c); > > - } > > - > > - scratch_buffer_free (&buf); > > + size_t l = 16 <= buf.length ? 16 : buf.length; > > + void *r = scratch_buffer_dupfree (&buf, l); > > + void *c = xmalloc (l); > > + memset (c, '@', l); > > + TEST_COMPARE_BLOB (r, l, c, l); > > + free (r); > > + free (c); > > } > > return 0; > > }
>
> I think we should keep the test loop, but create a new scratch buffer on
> each iteration.

given the documentation of scratch_buffer_dupfree i don't see how
the test is supposed to work with sizes > buf.length or what's the point
of this loop.
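
Review bot: the added block in do_test exercises only one size, `size_t l = 16 <= buf.length ? 16 : buf.length;`, so whenever buf.length is larger than 16 the boundary case l == buf.length, which the removed loop reached through its max-with-buf.length expression, is no longer tested. The three constraints listed in the commit message can still be met with a loop over { 16, buf.length } that runs scratch_buffer_init and the memset inside each iteration and computes l from buf.length before the scratch_buffer_dupfree call; the `buf.length + 16` entry should stay dropped because it breaks the size <= buf.length rule. A short comment at the spot where `scratch_buffer_free (&buf);` was removed, saying that scratch_buffer_dupfree has already freed buf, would keep a later reader from re-adding the call.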