PATCH: ctdb: buffer write beyond limits
Martin Schwenke
martin at meltin.net
Thu Feb 21 09:47:25 UTC 2019
On Wed, 20 Feb 2019 13:46:14 -0700, Christof Schmitt <cs at samba.org>
wrote:
> On Wed, Feb 20, 2019 at 02:11:18PM +1100, Martin Schwenke via samba-technical wrote:
> > On Wed, 20 Feb 2019 13:59:15 +1100, Martin Schwenke via samba-technical
> > <samba-technical at lists.samba.org> wrote:
> >
> > > On Tue, 19 Feb 2019 16:17:30 -0700, Christof Schmitt via
> > > samba-technical <samba-technical at lists.samba.org> wrote:
> > >
> [...]
> [...]
> [...]
> > >
> > > Thanks for that. That looks really good. I always thought we would
> > > have problems writing unit tests for that code because it uses struct
> > > ctdb_context, which drags in the world, but this is nice!
> > >
> > > Ironically, the test refuses to compile with CFLAGS="-O3" and
> > > --picky-developer:
> > >
> > > [318/380] Compiling ctdb/tests/src/ctdb_io_test.c
> > > In file included from ../../tests/src/ctdb_io_test.c:23:
> > > ../../tests/src/ctdb_io_test.c: In function ‘test1_callback’:
> > > ../../tests/src/ctdb_io_test.c:70:9: error: ‘__builtin_memcmp_eq’ reading 12 bytes from a region of size 9 [-Werror=stringop-overflow=]
> > > assert(memcmp(data + sizeof(len), test1_req, len) == 0);
> > > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > cc1: all warnings being treated as errors
> > >
> > > That is, the test reads off the end of the buffer... :-)
> > >
> > > The fixup below seems to do the job:
>
> The irony... Thanks you for the fix, that looks correct.
>
> > >
> > > diff --git a/ctdb/tests/src/ctdb_io_test.c b/ctdb/tests/src/ctdb_io_test.c
> > > index 22bd2f4930f..5a2f81538a1 100644
> > > --- a/ctdb/tests/src/ctdb_io_test.c
> > > +++ b/ctdb/tests/src/ctdb_io_test.c
> > > @@ -67,7 +67,7 @@ static void test1_callback(uint8_t *data, size_t length, void *private_data)
> > > assert(len == sizeof(uint32_t) + test1_req_len);
> > >
> > > assert(length == sizeof(uint32_t) + test1_req_len);
> > > - assert(memcmp(data + sizeof(len), test1_req, length) == 0);
> > > + assert(memcmp(data + sizeof(len), test1_req, test1_req_len) == 0);
> > > }
> > >
> > > static void test1(void)
> >
> > Oh, and if we're going to push it with the bug fix then can we please
> > add the bug tag?
> >
> > BUG: https://bugzilla.samba.org/show_bug.cgi?id=13791
>
> Yes, here are the fix with my reviewed-by and the updated test patch.
> Besides your fix i also had to fix the dependency of the new test on
> tdb; otherwise a compile on a system without tdb.h fails.
> I started a pipeline run at
> https://gitlab.com/samba-team/devel/samba/pipelines/48450894
All looks good. Thanks again for the test!
Reviewed-by: Martin Schwenke <martin at meltin.net>
Pushed to autobuild...
peace & happiness,
martin
More information about the samba-technical
mailing list