From 15ce3c9b37c2767c82de249e60781439c9abaf78 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?=
Date: Tue, 17 May 2022 15:01:04 +0200
Subject: [PATCH] glib/tests/spawn-path-search: fix stack-buffer-overflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
==24477==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffde020de20 at pc 0x7f2e6f6413f1 bp 0x7ffde020c9d0 sp 0x7ffde020c180
READ of size 4101 at 0x7ffde020de20 thread T0
#0 0x7f2e6f6413f0 in __interceptor_strlen.part.0 (/lib64/libasan.so.8+0x4c3f0)
#1 0x7f2e6ef4abee in g_build_path_va ../glib/gfileutils.c:1908
#2 0x7f2e6f085956 in g_test_build_filename_va ../glib/gtestutils.c:4294
#3 0x7f2e6f086684 in g_test_build_filename ../glib/gtestutils.c:4365
#4 0x403a33 in test_search_path_heap_allocation ../glib/tests/spawn-path-search.c:422
#5 0x7f2e6f0839a5 in test_case_run ../glib/gtestutils.c:2930
#6 0x7f2e6f0839a5 in g_test_run_suite_internal ../glib/gtestutils.c:3018
#7 0x7f2e6f0834ed in g_test_run_suite_internal ../glib/gtestutils.c:3035
#8 0x7f2e6f084879 in g_test_run_suite ../glib/gtestutils.c:3112
#9 0x7f2e6f084995 in g_test_run ../glib/gtestutils.c:2231
#10 0x40145f in main ../glib/tests/spawn-path-search.c:488
#11 0x7f2e6e31258f in __libc_start_call_main (/lib64/libc.so.6+0x2d58f)
#12 0x7f2e6e312648 in __libc_start_main_alias_1 (/lib64/libc.so.6+0x2d648)
#13 0x401524 in _start (/home/elmarco/src/gnome/glib/build/glib/tests/spawn-path-search+0x401524)
Address 0x7ffde020de20 is located in stack of thread T0 at offset 4256 in frame
#0 0x40387f in test_search_path_heap_allocation ../glib/tests/spawn-path-search.c:401
Signed-off-by: Marc-André Lureau
---
 glib/tests/spawn-path-search.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/glib/tests/spawn-path-search.c b/glib/tests/spawn-path-search.c
index 5008fc960..221849d5c 100644
--- a/glib/tests/spawn-path-search.c
+++ b/glib/tests/spawn-path-search.c
@@ -417,7 +417,8 @@ test_search_path_heap_allocation (void)
 if (skip_win32 ())
 return;
- memset (placeholder, '_', sizeof (placeholder));
+ memset (placeholder, '_', sizeof (placeholder) - 1);
+ placeholder[sizeof (placeholder) - 1] = '\0';
 /* Force search_path_buffer to be heap-allocated */
 long_dir = g_test_build_filename (G_TEST_BUILT, "path-test-subdir", placeholder, NULL);
 long_path = g_strjoin (G_SEARCHPATH_SEPARATOR_S, subdir, long_dir, NULL);
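Review bot: The two added lines terminate the buffer, but nothing at this spot records that `placeholder` is consumed as a C string by `g_test_build_filename ()`, which is the invariant the old full-size `memset` broke. A one-line comment above the fill would keep a later edit from reintroducing the over-read, e.g. `/* placeholder is passed as a C string below: fill all but the last byte, then NUL-terminate */`. The fill is now one byte shorter, and the premise stated in the next comment ("Force search_path_buffer to be heap-allocated") depends on the array size, which is declared outside this hunk, so it is worth confirming the resulting string length still exceeds the threshold the test targets. The body of test_search_path_heap_allocation starts and ends outside the hunk.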