From: Garrett C. <yab...@us...> - 2010-02-05 15:35:42
Update of /cvsroot/ltp/ltp/testcases/kernel/fs/ftest
In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv5067/ftest

Modified Files:
	libftest.c libftest.h
Log Message:
Resolve buffer overflow issue with ftest[37] reported by glibc by changing char* type to void* type. I didn't use caddr_t because caddr_t has its own set of caveats with 32-bit userland vs 64-bit kernel, etc...

Hi,
I've been seeing the following messages when ftest03 and ftest07 are executed on a regular basis as of late (may be due to a recent glibc upgrade):

*** buffer overflow detected ***: ftest03 terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f100b0c3867]
/lib/libc.so.6[0x7f100b0c1680]
/lib/libc.so.6[0x7f100b0c0979]
/lib/libc.so.6(_IO_default_xsputn+0x85)[0x7f100b04ef25]
/lib/libc.so.6(_IO_vfprintf+0x1fed)[0x7f100b0216dd]
/lib/libc.so.6(__vsprintf_chk+0x9d)[0x7f100b0c0a1d]
/lib/libc.so.6(__sprintf_chk+0x80)[0x7f100b0c0960]
ftest03[0x401f05]
ftest03[0x402a76]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7f100affba26]
ftest03[0x401d59]
======= Memory map: ========
00400000-00408000 r-xp 00000000 fd:03 74957 /tmp/tmp.9O93FRsMhN/ltp/testcases/bin/ftest03
00608000-00609000 r--p 00008000 fd:03 74957 /tmp/tmp.9O93FRsMhN/ltp/testcases/bin/ftest03
00609000-0060a000 rw-p 00009000 fd:03 74957 /tmp/tmp.9O93FRsMhN/ltp/testcases/bin/ftest03
0060a000-0060f000 rw-p 00000000 00:00 0
01f91000-01fb2000 rw-p 00000000 00:00 0 [heap]
7f100adc6000-7f100addc000 r-xp 00000000 fd:03 6454 /lib64/libgcc_s.so.1
7f100addc000-7f100afdb000 ---p 00016000 fd:03 6454 /lib64/libgcc_s.so.1
7f100afdb000-7f100afdc000 r--p 00015000 fd:03 6454 /lib64/libgcc_s.so.1
7f100afdc000-7f100afdd000 rw-p 00016000 fd:03 6454 /lib64/libgcc_s.so.1
7f100afdd000-7f100b12c000 r-xp 00000000 fd:03 5882 /lib64/libc-2.10.1.so
7f100b12c000-7f100b32c000 ---p 0014f000 fd:03 5882 /lib64/libc-2.10.1.so
7f100b32c000-7f100b330000 r--p 0014f000 fd:03 5882 /lib64/libc-2.10.1.so
7f100b330000-7f100b331000 rw-p 00153000 fd:03 5882 /lib64/libc-2.10.1.so
7f100b331000-7f100b336000 rw-p 00000000 00:00 0
7f100b336000-7f100b353000 r-xp 00000000 fd:03 5871 /lib64/ld-2.10.1.so
7f100b536000-7f100b538000 rw-p 00000000 00:00 0
7f100b550000-7f100b552000 rw-p 00000000 00:00 0
7f100b552000-7f100b553000 r--p 0001c000 fd:03 5871 /lib64/ld-2.10.1.so
7f100b553000-7f100b554000 rw-p 0001d000 fd:03 5871 /lib64/ld-2.10.1.so
7fffe07b0000-7fffe07c5000 rw-p 00000000 00:00 0 [stack]
7fffe07ff000-7fffe0800000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]

*** buffer overflow detected ***: ftest07 terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f8678b10867]
/lib/libc.so.6[0x7f8678b0e680]
/lib/libc.so.6[0x7f8678b0d979]
/lib/libc.so.6(_IO_default_xsputn+0x85)[0x7f8678a9bf25]
/lib/libc.so.6(_IO_vfprintf+0x1fed)[0x7f8678a6e6dd]
/lib/libc.so.6(__vsprintf_chk+0x9d)[0x7f8678b0da1d]
/lib/libc.so.6(__sprintf_chk+0x80)[0x7f8678b0d960]
ftest07[0x401ec5]
ftest07[0x402a76]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7f8678a48a26]
ftest07[0x401d19]
======= Memory map: ========
00400000-00408000 r-xp 00000000 fd:03 74961 /tmp/tmp.9O93FRsMhN/ltp/testcases/bin/ftest07
00608000-00609000 r--p 00008000 fd:03 74961 /tmp/tmp.9O93FRsMhN/ltp/testcases/bin/ftest07
00609000-0060a000 rw-p 00009000 fd:03 74961 /tmp/tmp.9O93FRsMhN/ltp/testcases/bin/ftest07
0060a000-0060f000 rw-p 00000000 00:00 0
01f3f000-01f60000 rw-p 00000000 00:00 0 [heap]
7f8678813000-7f8678829000 r-xp 00000000 fd:03 6454 /lib64/libgcc_s.so.1
7f8678829000-7f8678a28000 ---p 00016000 fd:03 6454 /lib64/libgcc_s.so.1
7f8678a28000-7f8678a29000 r--p 00015000 fd:03 6454 /lib64/libgcc_s.so.1
7f8678a29000-7f8678a2a000 rw-p 00016000 fd:03 6454 /lib64/libgcc_s.so.1
7f8678a2a000-7f8678b79000 r-xp 00000000 fd:03 5882 /lib64/libc-2.10.1.so
7f8678b79000-7f8678d79000 ---p 0014f000 fd:03 5882 /lib64/libc-2.10.1.so
7f8678d79000-7f8678d7d000 r--p 0014f000 fd:03 5882 /lib64/libc-2.10.1.so
7f8678d7d000-7f8678d7e000 rw-p 00153000 fd:03 5882 /lib64/libc-2.10.1.so
7f8678d7e000-7f8678d83000 rw-p 00000000 00:00 0
7f8678d83000-7f8678da0000 r-xp 00000000 fd:03 5871 /lib64/ld-2.10.1.so
7f8678f83000-7f8678f85000 rw-p 00000000 00:00 0
7f8678f9d000-7f8678f9f000 rw-p 00000000 00:00 0
7f8678f9f000-7f8678fa0000 r--p 0001c000 fd:03 5871 /lib64/ld-2.10.1.so
7f8678fa0000-7f8678fa1000 rw-p 0001d000 fd:03 5871 /lib64/ld-2.10.1.so
7fffeffa2000-7fffeffb7000 rw-p 00000000 00:00 0 [stack]
7fffeffff000-7ffff0000000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]

gcooper@orangebox /scratch/ltp $ emerge --info
Portage 2.1.6.13 (default/linux/amd64/10.0, gcc-4.3.4, glibc-2.10.1-r1, 2.6.31-gentoo-r6 x86_64)
=================================================================
System uname: Linux-2.6.31-gentoo-r6-x86_64-Intel-R-_Core-TM-2_Quad_CPU_Q9400_@_2.66GHz-with-gentoo-1.12.13
Timestamp of tree: Sun, 24 Jan 2010 07:00:21 +0000
app-shells/bash: 4.0_p35
dev-java/java-config: 2.1.9-r2
dev-lang/python: 2.6.4
sys-apps/baselayout: 1.12.13
sys-apps/sandbox: 1.6-r2
sys-devel/autoconf: 2.13, 2.63-r1
sys-devel/automake: 1.9.6-r2, 1.10.2
sys-devel/binutils: 2.18-r3
sys-devel/gcc-config: 1.4.1
sys-devel/libtool: 2.2.6b
virtual/os-headers: 2.6.27-r2

Figuring that ftest07.c compiled (mostly) without warnings, I thought it might be an issue common to both tests.

Signed-off-by: Garrett Cooper <yan...@gm...>
Acked-by: K.D. Lucas <kd...@gm...>

Index: libftest.h =================================================================== RCS file: /cvsroot/ltp/ltp/testcases/kernel/fs/ftest/libftest.h,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** libftest.h 18 Sep 2009 17:44:08 -0000 1.1 --- libftest.h 5 Feb 2010 15:35:32 -0000 1.2 *************** *** 35,39 **** * Dump bits string. */ ! void ft_dumpbits(char *bits, int size); /* --- 35,39 ---- * Dump bits string. */ ! 
void ft_dumpbits(void *bits, size_t size); /* Index: libftest.c =================================================================== RCS file: /cvsroot/ltp/ltp/testcases/kernel/fs/ftest/libftest.c,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** libftest.c 18 Sep 2009 17:44:08 -0000 1.1 --- libftest.c 5 Feb 2010 15:35:30 -0000 1.2 *************** *** 18,21 **** --- 18,22 ---- #include <sys/uio.h> + #include <assert.h> #include "test.h" #include "libftest.h" *************** *** 62,75 **** * Dump bits string. */ ! void ft_dumpbits(char *bits, int size) { ! char *buf; tst_resm(TINFO, "\tBits array:"); for (buf = bits; size > 0; --size, ++buf) { ! if ((buf-bits) % 16 == 0) ! tst_resm(TINFO, "\t%04x:\t", 8*(buf-bits)); ! tst_resm(TINFO, "\t%02x ", *buf & 0xff); } --- 63,78 ---- * Dump bits string. */ ! void ft_dumpbits(void *bits, size_t size) { ! void *buf; tst_resm(TINFO, "\tBits array:"); for (buf = bits; size > 0; --size, ++buf) { ! if ((buf-bits) % 16 == 0) { ! assert (0 < (buf-bits)); ! tst_resm(TINFO, "\t%lu:\t", 8*(buf-bits)); ! } ! tst_resm(TINFO, "\t%02x ", *((char*) buf) & 0xff); }
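Review bot: the libftest.h hunk changes the prototype to `void ft_dumpbits(void *bits, size_t size)` but no caller is updated in this diff, so ftest03 and ftest07 (the tests the log message names) still pass whatever they passed before; an `int` count converts silently to `size_t`, and a negative value would become a huge length that walks off the end of the array. Please include the callers in the same commit, or state that each already passes an unsigned byte count. The comment above the prototype ("Dump bits string.") should also say that `size` is a count of bytes, since the name "bits" invites passing a bit count.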
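Review bot: the `#include <assert.h>` hunk pulls in a check that compiles to nothing when NDEBUG is defined, so it is not a guarantee in optimised builds, and when it does fire it calls abort() with no LTP result line, which the harness sees as a crash rather than a reported failure. In an LTP library, `tst_brkm(TBROK, NULL, ...)` reports the condition through the normal result path; consider that instead of adding the assert.h dependency.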
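Review bot: `assert (0 < (buf-bits));` in the ft_dumpbits hunk fails on the very first iteration: `buf` starts equal to `bits`, so `buf-bits` is 0, `0 % 16 == 0` is true, and the assert fires and aborts every test that dumps a bit array (unless NDEBUG is set, in which case the check vanishes). The condition should be `0 <= (buf-bits)`, or the assert dropped, since the loop can never make it false. Two smaller points in the same hunk: arithmetic on `void *` (`++buf`, `buf-bits`) is a GCC extension rather than ISO C, so declaring `buf` as `unsigned char *` would be portable and would also remove the `*((char*) buf) & 0xff` cast; and `"\t%lu:\t"` with a `ptrdiff_t` argument is a signed/unsigned mismatch (it also changes the row label from hex under the old `%04x` to decimal), so either cast to `unsigned long` or use `%td`. Finally, the backtraces in the log show `__sprintf_chk` called directly from the test binary, while this function only calls `tst_resm`; a sentence on which sprintf call site was overflowing, and how the type change removes it, would make the fix reviewable.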
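The `*** buffer overflow detected ***` message in the log is glibc's `_FORTIFY_SOURCE` backstop: the compiler rewrites `sprintf` into `__sprintf_chk`, which calls `__fortify_fail` when the formatted output exceeds the size it knows for the destination. The form that does not need that backstop is `snprintf` with an explicit length and a truncation check. As an added example (not code from the LTP patch or project), here is a bounds-checked version of the byte dump that `ft_dumpbits` performs, written with byte pointers instead of `void *` arithmetic and with a length contract the caller can verify. The row label every 16 bytes and the `%02x ` per byte follow the hunk; the names `dump_bits` and `emit`, the caller-supplied output buffer and the sample data are this example's own assumptions.

```c
/* Added example, not part of the LTP patch: a bounds-checked byte dump in
 * the layout ft_dumpbits prints (bit-offset label every 16 bytes, then
 * "xx " per byte). Names, buffer contract and sample data are assumed here.
 * Build: cc -std=c99 -Wall -Wextra -Wformat=2 -O2 -D_FORTIFY_SOURCE=2 */
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Append one formatted item at offset pos of out[outlen]. Returns the length
 * the item needs whether or not it fit, exactly like snprintf, so the caller
 * can keep counting after the buffer is full without ever writing past
 * out[outlen - 1]. With no room left, (NULL, 0) only measures. */
static size_t emit(char *out, size_t outlen, size_t pos, const char *fmt, ...)
{
    size_t room = pos < outlen ? outlen - pos : 0;
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(room ? out + pos : NULL, room, fmt, ap);
    va_end(ap);
    return n < 0 ? 0 : (size_t)n;
}

/* Dump `size` bytes starting at `bits` into out[outlen]: a bit-offset label
 * (8 * byte offset, in hex like the original "%04x" label) at the start of
 * each 16-byte row, then "xx " per byte. Byte pointers are used throughout,
 * so no arithmetic on void* is needed. Returns the length of the complete
 * dump excluding the NUL; a result >= outlen means the output was truncated,
 * which is the check a caller makes instead of relying on sprintf. */
size_t dump_bits(const void *bits, size_t size, char *out, size_t outlen)
{
    const unsigned char *p = bits;
    size_t need = 0;
    size_t i;

    if (outlen)
        out[0] = '\0';          /* an empty dump is still a valid string */

    for (i = 0; i < size; i++) {
        if (i % 16 == 0) {
            if (i)
                need += emit(out, outlen, need, "\n");
            need += emit(out, outlen, need, "%04zx:\t", (size_t)8 * i);
        }
        need += emit(out, outlen, need, "%02x ", p[i]);
    }
    return need;
}

int main(void)
{
    /* Constructed sample: 20 bytes, enough to produce a second row. */
    unsigned char sample[20];
    char buf[128];
    size_t i, need;

    for (i = 0; i < sizeof sample; i++)
        sample[i] = (unsigned char)(0xa0 + i);

    need = dump_bits(sample, sizeof sample, buf, sizeof buf);
    printf("%s\n", buf);
    if (need >= sizeof buf)
        printf("dump truncated: needed %zu bytes, had %zu\n",
               need, sizeof buf);
    return 0;
}
```

The return value follows the snprintf convention deliberately: a caller that wants the whole dump allocates `need + 1` bytes and calls again, and a caller that only wants the first row can pass a small buffer and still get a NUL-terminated prefix rather than a fortify abort.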