diff options
| author | Xiaoming Ni <nixiaoming@huawei.com> | 2020-11-26 13:35:10 -0300 |
|---|---|---|
| committer | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2020-11-26 17:35:58 -0300 |
| commit | 106ff08526d3ca574ba86d891450ea55aa929712 (patch) | |
| tree | bdf0f8a9fee37a63ce497ccdce712711023f7a61 /io/tst-ftw-bz26353.c | |
| parent | db07fae8250401adb2b97ab3e53d41da2a6bd767 (diff) | |
| download | glibc-106ff08526d3ca574ba86d891450ea55aa929712.tar.gz glibc-106ff08526d3ca574ba86d891450ea55aa929712.tar.xz glibc-106ff08526d3ca574ba86d891450ea55aa929712.zip | |
io: nftw/ftw: Fix stack overflow with large nopenfd [BZ #26353]
The nopenfd value is used as argument for the internal buffer on ftw_statup, which is allocated with alloca and might trigger a stack overflow for large values. This patch replaces the memory allocation to use malloc instead. Checked on x86_64-linux-gnu. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Diffstat (limited to 'io/tst-ftw-bz26353.c')
| -rw-r--r-- | io/tst-ftw-bz26353.c | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/io/tst-ftw-bz26353.c b/io/tst-ftw-bz26353.c new file mode 100644 index 0000000000..a0725dcc66 --- /dev/null +++ b/io/tst-ftw-bz26353.c @@ -0,0 +1,70 @@ +/* test ftw bz26353: Check whether stack overflow occurs when the value + of the nopenfd parameter is too large. + + Copyright (C) 2020 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + <https://www.gnu.org/licenses/>. */ + +#include <stdlib.h> +#include <stdio.h> +#include <ftw.h> +#include <errno.h> +#include <sys/resource.h> + +#include <support/temp_file.h> +#include <support/capture_subprocess.h> +#include <support/check.h> + +static int +my_func (const char *file, const struct stat *sb, int flag) +{ + return 0; +} + +static int +get_large_nopenfd (void) +{ + struct rlimit r; + TEST_COMPARE (getrlimit (RLIMIT_STACK, &r), 0); + if (r.rlim_cur == RLIM_INFINITY) + { + r.rlim_cur = 8 * 1024 * 1024; + TEST_COMPARE (setrlimit (RLIMIT_STACK, &r), 0); + } + return (int) r.rlim_cur; +} + +static void +do_ftw (void *unused) +{ + char *tempdir = support_create_temp_directory ("tst-bz26353"); + int large_nopenfd = get_large_nopenfd (); + TEST_COMPARE (ftw (tempdir, my_func, large_nopenfd), 0); + free (tempdir); +} + +/* Check whether stack overflow occurs. */ +static int +do_test (void) +{ + struct support_capture_subprocess result; + result = support_capture_subprocess (do_ftw, NULL); + support_capture_subprocess_check (&result, "bz26353", 0, sc_allow_none); + support_capture_subprocess_free (&result); + return 0; +} + +#include <support/test-driver.c> |