about summary refs log tree commit diff
path: root/stdio-common/printf_size.c
diff options
context:
space:
mode:
authorSzabolcs Nagy <szabolcs.nagy@arm.com>2022-10-11 13:23:25 +0100
committerSzabolcs Nagy <szabolcs.nagy@arm.com>2022-11-22 14:24:26 +0000
commit2a287534c18a37536141e94dc98685a4ce10f89f (patch)
treedae535d07d7d96065cb3a7d3deb9c8b1573b202a /stdio-common/printf_size.c
parent65c576e7e58d99d80e294e6c0c02a530ca9375fb (diff)
downloadglibc-2a287534c18a37536141e94dc98685a4ce10f89f.tar.gz
glibc-2a287534c18a37536141e94dc98685a4ce10f89f.tar.xz
glibc-2a287534c18a37536141e94dc98685a4ce10f89f.zip
Fix malloc/tst-scratch_buffer OOB access
The test used scratch_buffer_dupfree incorrectly:

- The passed in size must be <= buf.length.
- Must be called at most once on a buf object since it frees it.
- After it is called buf.data and buf.length must not be accessed.

All of these were violated, the test happened to work because the
buffer was on the stack, which meant the test copied out-of-bounds
bytes from the stack into a new buffer and then compared those bytes.

Run one test and avoid the issues above.
Diffstat (limited to 'stdio-common/printf_size.c')
0 files changed, 0 insertions, 0 deletions