diff options
author | Szabolcs Nagy <szabolcs.nagy@arm.com> | 2022-10-11 13:23:25 +0100 |
---|---|---|
committer | Szabolcs Nagy <szabolcs.nagy@arm.com> | 2022-11-22 14:24:26 +0000 |
commit | 2a287534c18a37536141e94dc98685a4ce10f89f (patch) | |
tree | dae535d07d7d96065cb3a7d3deb9c8b1573b202a /stdio-common/printf_size.c | |
parent | 65c576e7e58d99d80e294e6c0c02a530ca9375fb (diff) | |
download | glibc-2a287534c18a37536141e94dc98685a4ce10f89f.tar.gz glibc-2a287534c18a37536141e94dc98685a4ce10f89f.tar.xz glibc-2a287534c18a37536141e94dc98685a4ce10f89f.zip |
Fix malloc/tst-scratch_buffer OOB access
The test used scratch_buffer_dupfree incorrectly: - The passed in size must be <= buf.length. - Must be called at most once on a buf object since it frees it. - After it is called buf.data and buf.length must not be accessed. All of these were violated, the test happened to work because the buffer was on the stack, which meant the test copied out-of-bounds bytes from the stack into a new buffer and then compared those bytes. Run one test and avoid the issues above.
Diffstat (limited to 'stdio-common/printf_size.c')
0 files changed, 0 insertions, 0 deletions