Linux Test Project / Bugs / #107 pipe10 calls strcmp() on unterminated string

#107 pipe10 calls strcmp() on unterminated string

Milestone: System Calls

Status: closed-accepted

Owner: mreed

Labels: Testcases (113)

Priority: 5

Updated: 2007-04-13

Created: 2006-12-04

Creator: Nicolas Dade

Private: No

ltp/testcases/kernel/syscalls/pipe/pipe10.c writes a string to the child. The length written is strlen(wrbuf), thus it does not include the terminating '\0'. The child read(2)s this into rebuf, and then calls strcmp(rebuf, wrbuf). Since rebuf is not properly terminated strcmp() can fail.

It looks like someone tried to fix this by adding a '\0' at the end of the string used to initialize wrbuf, but since the length sent is determined by strlen(3) that makes no difference.

A simple fix is to include the '\0' in the data written to the child. Patch below.

Discussion

Nicolas Dade - 2006-12-04

patch to fix pipe10.c calling strcmp() on unterminated string

pipe10_rebuf_unterminated_str_fix.patch

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Robert Williamson - 2006-12-04

assigned_to: nobody --> mreed10
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Subrata Modak - 2007-04-13

Logged In: YES
user_id=1737361
Originator: NO

Patch Applied and Bug closed.

Thanks--
Subrata

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Subrata Modak - 2007-04-13

status: open --> closed-accepted
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

pipe10 calls strcmp() on unterminated string

Testsuite to validate the reliability, robustness, stability of Linux.

Group

Searches

Help

#107 pipe10 calls strcmp() on unterminated string

Discussion