Re: linux-5.7-rc1/tools/testing/selftests/resctrl/cqm_test.c:89:15: error: Buffer is accessed out of bounds

From: Reinette Chatre
Date: Mon Apr 13 2020 - 12:30:45 EST


+Sai

On 4/13/2020 2:43 AM, David Binderman wrote:
> Hello there,
>
> Source code is
>
> while (fgets(temp, 1024, fp)) {
>
> but
>
> char *token_array[8], temp[512];
>
> Use of compiler flag -D_FORTIFY_SOURCE=2 would have found the problem.
> For example:
>
> # include <stdio.h>
>
> extern void g( int);
>
> void
> f( FILE * fp)
> {
>     char buf[ 100];
>
>     while (fgets( buf, 200, fp) != 0)
>     {
>         g( 1);
>     }
> }
>
> gives
>
> $ /home/dcb/gcc/results/bin/gcc -c -g -O2 -D_FORTIFY_SOURCE=2 apr13c.cc
> In file included from /usr/include/stdio.h:867,
> from apr13c.cc:2:
> In function ‘char* fgets(char*, int, FILE*)’,
> inlined from ‘void f(FILE*)’ at apr13c.cc:11:14:
> /usr/include/bits/stdio2.h:263:26: warning: call to ‘__fgets_chk_warn’ declared with attribute warning: fgets called with bigger size than length of destination buffer [-Wattribute-warning]
>
> I suggest switching on compiler flag -D_FORTIFY_SOURCE=2 in
> all development builds.
>

Thank you very much for catching this, David.

Sai: could you include this fix in your upcoming series of fixes? Using
the pattern of "fgets(buf, sizeof(buf), ...)" instead of hard coding the
size should be helpful here.

Reinette
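
The `fgets(buf, sizeof(buf), ...)` pattern suggested above, as an added example that is not part of the original thread and is not the selftest's own code. It reuses the `token_array[8]` and `temp[512]` declarations quoted in the report; the function names, the `":\t\n"` delimiter set, the sample input and the choice to skip lines longer than the buffer are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Returns lines parsed; *skipped = overlong lines, *most = largest token count. */
static int scan_lines(FILE *fp, int *skipped, size_t *most)
{
	char *token_array[8], temp[512];	/* sizes as declared in the report */
	int lines = 0, in_long = 0;

	*skipped = 0;
	*most = 0;
	while (fgets(temp, sizeof(temp), fp)) {	/* bound follows the declaration */
		int complete = strchr(temp, '\n') != NULL || feof(fp);
		size_t n = 0;
		if (in_long || !complete) {	/* piece of a line longer than temp */
			*skipped += !in_long;	/* count each overlong line once */
			in_long = !complete;
			continue;		/* never parse a partial line */
		}
		for (char *t = strtok(temp, ":\t\n");
		     t && n < ARRAY_SIZE(token_array); t = strtok(NULL, ":\t\n"))
			token_array[n++] = t;	/* index is bounded the same way */
		*most = n > *most ? n : *most;
		lines++;
	}
	return lines;
}

/* Constructed input: a 600-character line, a 10-field line, a short line. */
static FILE *sample_input(void)
{
	FILE *fp = tmpfile();
	for (int i = 0; fp && i < 600; i++)
		fputc('x', fp);
	if (fp && fputs("\n1:2:3:4:5:6:7:8:9:10\na:b:c\n", fp) != EOF)
		rewind(fp);
	return fp;
}

int main(void)
{
	int skipped = 0;
	size_t most = 0;
	FILE *fp = sample_input();
	int lines = fp ? scan_lines(fp, &skipped, &most) : -1;
	printf("parsed=%d skipped=%d most=%zu\n", lines, skipped, most);
	return lines < 0;
}
```

`sizeof(temp)` gives the array size only while `temp` is an array in scope; once the buffer is passed to another function as a pointer, the length has to be passed alongside it.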