diff mbox series

[v3,28/29] posix: Use <support/next_to_fault.h> in tst-fnmatch3

Message ID 1ed97cb59a7a97c0648bf3b2d21185fdb41358ba.1727624528.git.fweimer@redhat.com
State New
Headers show
Series Teach glibc about possible page sizes and handle gaps in ld.so | expand

Commit Message

Florian Weimer Sept. 29, 2024, 4:45 p.m. UTC 
This papers over GCC PR116884 because the triggering memset
is gone, and the strcpy call does not have bounds information
available.

Verified that the test still finds the original bug by
partially reverting commit c2c6d39fab901c97c18fa3a3a3658d9dc3f7df61
("Fix BZ 18036 buffer overflow (read past end of buffer) in
internal_fnmatch").
---
 posix/tst-fnmatch3.c | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)
diff mbox series

Patch

diff --git a/posix/tst-fnmatch3.c b/posix/tst-fnmatch3.c
index 258ce035c4..ef51d7a0d4 100644
--- a/posix/tst-fnmatch3.c
+++ b/posix/tst-fnmatch3.c
@@ -20,22 +20,18 @@ 
 #include <sys/mman.h>
 #include <string.h>
 #include <unistd.h>
+#include <support/check.h>
+#include <support/next_to_fault.h>
 
-int
+void
 do_bz18036 (void)
 {
   const char p[] = "**(!()";
-  const int pagesize = getpagesize ();
-
-  char *pattern = mmap (0, 2 * pagesize, PROT_READ|PROT_WRITE,
-                        MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
-  if (pattern == MAP_FAILED) return 1;
-
-  mprotect (pattern + pagesize, pagesize, PROT_NONE);
-  memset (pattern, ' ', pagesize);
-  strcpy (pattern, p);
-
-  return fnmatch (pattern, p, FNM_EXTMATCH);
+  struct support_next_to_fault ntf
+    = support_next_to_fault_allocate (sizeof (p));
+  strcpy (ntf.buffer, p);
+  TEST_COMPARE (fnmatch (ntf.buffer, p, FNM_EXTMATCH), 0);
+  support_next_to_fault_free (&ntf);
 }
 
 int
@@ -45,7 +41,8 @@  do_test (void)
     return 1;
   if (fnmatch ("[a[.\0.]]", "a", 0) != FNM_NOMATCH)
     return 1;
-  return do_bz18036 ();
+  do_bz18036 ();
+  return 0;
 }
 
 #define TEST_FUNCTION do_test ()