[PATCH v4 next 06/23] selftests/nolibc: Check that snprintf() doesn't write beyond the buffer end
From: david . laight . linux
Date: Mon Mar 02 2026 - 05:26:27 EST
From: David Laight <david.laight.linux@xxxxxxxxx>
Fill buf[] with known data and check the vsnprintf() doesn't write
beyond the specified buffer length.
Would have picked up the bug in field padding.
Signed-off-by: David Laight <david.laight.linux@xxxxxxxxx>
---
v4: split out from patch 3
tools/testing/selftests/nolibc/nolibc-test.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/tools/testing/selftests/nolibc/nolibc-test.c b/tools/testing/selftests/nolibc/nolibc-test.c
index dc60ac0d1a05..420f2d25e8cf 100644
--- a/tools/testing/selftests/nolibc/nolibc-test.c
+++ b/tools/testing/selftests/nolibc/nolibc-test.c
@@ -1671,6 +1671,10 @@ static int expect_vfprintf(int llen, const char *expected, const char *fmt, ...)
va_list args;
ssize_t w, expected_len;
+ /* Fill and terminate buf[] to check for overlong/absent writes */
+ memset(buf, 0xa5, sizeof(buf) - 1);
+ buf[sizeof(buf) - 1] = 0;
+
va_start(args, fmt);
/* Limit buffer length to test truncation */
w = vsnprintf(buf, VFPRINTF_LEN + 1, fmt, args);
@@ -1702,6 +1706,15 @@ static int expect_vfprintf(int llen, const char *expected, const char *fmt, ...)
return 1;
}
+ /* Check for any overwrites after the actual data. */
+ while (++cmp_len < sizeof(buf) - 1) {
+ if ((unsigned char)buf[cmp_len] != 0xa5) {
+ llen += printf(" overwrote buf[%d] with 0x%x", cmp_len, buf[cmp_len]);
+ result(llen, FAIL);
+ return 1;
+ }
+ }
+
result(llen, OK);
return 0;
}
--
2.39.5