tech-userlevel archive


Re: buffer overflow in t_vis.c



On 04/13, Brooks Davis wrote:
> diff --git a/contrib/netbsd-tests/lib/libc/gen/t_vis.c b/contrib/netbsd-tests/lib/libc/gen/t_vis.c
> index adb0930a300..9b9501d5b9c 100644
> --- a/contrib/netbsd-tests/lib/libc/gen/t_vis.c
> +++ b/contrib/netbsd-tests/lib/libc/gen/t_vis.c
> @@ -68,7 +68,12 @@ ATF_TC_BODY(strvis_basic, tc)
>  	char *srcbuf, *dstbuf, *visbuf;
>  	unsigned int i, j;
>  
> -	ATF_REQUIRE((dstbuf = malloc(SIZE)) != NULL);
> +	/*
> +	 * NB: unvis(3) stats that dstbuf should be the size of visbuf

s/stats/states/

> +	 * (the source buffer).  In practice, 1-byte larger than srcbuf
> +	 * is sufficient to accommodate the undocumented '\0' termination.
> +	 */
> +	ATF_REQUIRE((dstbuf = malloc(SIZE + 1)) != NULL);
>  	ATF_REQUIRE((srcbuf = malloc(SIZE)) != NULL);
>  	ATF_REQUIRE((visbuf = malloc(SIZE * 4 + 1)) != NULL);
>  
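
Review bot: The new comment above the dstbuf malloc says unvis(3) requires dstbuf to be the size of visbuf, yet the allocation uses SIZE + 1 and relies on what the comment itself calls undocumented '\0' termination. Sizing dstbuf the same as visbuf, `malloc(SIZE * 4 + 1)`, would follow the documented contract and keep the test from depending on "in practice" behaviour. If SIZE + 1 stays, the comment should use one name for the source consistently, since it calls visbuf "the source buffer" and then measures against srcbuf.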



