RE: linux-5.7-rc1/tools/testing/selftests/resctrl/cqm_test.c:89:15: error: Buffer is accessed out of bounds

From: Prakhya, Sai Praneeth
Date: Mon Apr 13 2020 - 13:42:48 EST


> -----Original Message-----
> From: Reinette Chatre <reinette.chatre@xxxxxxxxx>
> Sent: Monday, April 13, 2020 9:31 AM
> To: David Binderman <dcb314@xxxxxxxxxxx>; Yu, Fenghua
> <fenghua.yu@xxxxxxxxx>; shuah@xxxxxxxxxx; Linux Kernel Mailing List <linux-
> kernel@xxxxxxxxxxxxxxx>; linux-kselftest@xxxxxxxxxxxxxxx; Prakhya, Sai Praneeth
> <sai.praneeth.prakhya@xxxxxxxxx>
> Subject: Re: linux-5.7-rc1/tools/testing/selftests/resctrl/cqm_test.c:89:15:
> error: Buffer is accessed out of bounds
>
> +Sai
>
> On 4/13/2020 2:43 AM, David Binderman wrote:
> > Hello there,
> >
> > Source code is
> >
> > while (fgets(temp, 1024, fp)) {
> >
> > but
> >
> > char *token_array[8], temp[512];
> >
> > Use of compiler flag -D_FORTIFY_SOURCE=2 would have found the problem.
> > For example:
> >
> > # include <stdio.h>
> >
> > extern void g( int);
> >
> > void
> > f( FILE * fp)
> > {
> > char buf[ 100];
> >
> > while (fgets( buf, 200, fp) != 0)
> > {
> > g( 1);
> > }
> > }
> >
> > gives
> >
> > $ /home/dcb/gcc/results/bin/gcc -c -g -O2 -D_FORTIFY_SOURCE=2
> > apr13c.cc In file included from /usr/include/stdio.h:867,
> > from apr13c.cc:2:
> > In function 'char* fgets(char*, int, FILE*)',
> > inlined from 'void f(FILE*)' at apr13c.cc:11:14:
> > /usr/include/bits/stdio2.h:263:26: warning: call to '__fgets_chk_warn'
> > declared with attribute warning: fgets called with bigger size than
> > length of destination buffer [-Wattribute-warning]
> >
> > I suggest switch on compiler flag -D_FORTIFY_SOURCE=2 in all
> > development builds.
> >
>
> Thank you very much for catching this David.
>
> Sai: could you include this fix in your upcoming series of fixes? Using the pattern
> of "fgets(buf, sizeof(buf), ...)" instead of hard coding the size should be helpful
> here.

Reinette: Sure! I will include this fix. Just FYI, I did notice this and have fixed it in V1 patches that I sent out earlier.

David: Thanks for bringing this up. I wasn't aware of the gcc flag you had mentioned. I will add it.

Regards,
Sai