From patchwork Sun Sep 29 16:45:18 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Florian Weimer <fweimer@redhat.com>
X-Patchwork-Id: 1990625
Return-Path: <libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=pass (1024-bit key;
 unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=X1X3H+/v;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org
 (client-ip=2620:52:3:1:0:246e:9693:128c; helo=server2.sourceware.org;
 envelope-from=libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org;
 receiver=patchwork.ozlabs.org)
Received: from server2.sourceware.org (server2.sourceware.org
 [IPv6:2620:52:3:1:0:246e:9693:128c])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4XGqp35jS2z1xt8
	for <incoming@patchwork.ozlabs.org>; Mon, 30 Sep 2024 02:45:47 +1000 (AEST)
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 98C98385EC55
	for <incoming@patchwork.ozlabs.org>; Sun, 29 Sep 2024 16:45:45 +0000 (GMT)
X-Original-To: libc-alpha@sourceware.org
Delivered-To: libc-alpha@sourceware.org
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
 by sourceware.org (Postfix) with ESMTP id 3F1FB385EC1E
 for <libc-alpha@sourceware.org>; Sun, 29 Sep 2024 16:45:24 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 3F1FB385EC1E
Authentication-Results: sourceware.org;
 dmarc=pass (p=none dis=none) header.from=redhat.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 3F1FB385EC1E
Authentication-Results: server2.sourceware.org;
 arc=none smtp.remote-ip=170.10.129.124
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1727628327; cv=none;
 b=kwTH16mY/C01Dx8j95z17BgOKXu8igs/Y8+bMH/4HF2BxXuYeMp3cdI6yKfJdSU5PVkoB7CeUjPa495Mt52EzrnC3bpEfC+j7asgOo+3mS61+Y+MEcwZzr3GDjG0WLeY35CYMbRC6RlNFOmdA/b9TWnAVdm1zqOumtbRmQUjTn4=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
 t=1727628327; c=relaxed/simple;
 bh=QhpckRkzMt4mK5AUCj8hBZG5eStsXinQICSWndW1F3A=;
 h=DKIM-Signature:From:To:Subject:Message-ID:Date:MIME-Version;
 b=vAybtIr/8Rl+QsO+R9GjJe88Ikp8bjJZCHiC7joO+7GPzLtb6zaoyjcjhh76XDYW9TCqT0OY8UHQLOAJMhM9aZ2lnoP0NlAwaigcYkPO/yg6LuaW/9gbaW7v5GfpJCzfFbxXdRkFlRjir3lXcLZwPRsoFze8dZo8gPo/jtYQMI4=
ARC-Authentication-Results: i=1; server2.sourceware.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1727628324;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 in-reply-to:in-reply-to:references:references;
 bh=9Q/1XvWfm24cyz/GyxOnqNNbOFzPNOaoVv6Fc7yqwTU=;
 b=X1X3H+/vFkb2QqpX3eJKWTtF07ye5YzExxylNjgnKzczBHhOr6b+LFWZrYqabroRIH60ht
 8XhLB5SgMC7sJ5632AXxrR1fNCRCgoAtFJ4Ehw8S265KN+oQKCNrygMVJFdeiCedU+Wbbb
 LnbWt2IxVyThlM04HM6LZ8ev+aOV+Is=
Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-247-DFO_vDjXNnScTrBb-fKmJg-1; Sun,
 29 Sep 2024 12:45:22 -0400
X-MC-Unique: DFO_vDjXNnScTrBb-fKmJg-1
Received: from mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (unknown
 [10.30.177.15])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
 (No client certificate requested)
 by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id EED3B19344C2
 for <libc-alpha@sourceware.org>; Sun, 29 Sep 2024 16:45:21 +0000 (UTC)
Received: from oldenburg.str.redhat.com (unknown [10.45.224.151])
 by mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with
 ESMTPS
 id 0D2401979060
 for <libc-alpha@sourceware.org>; Sun, 29 Sep 2024 16:45:20 +0000 (UTC)
From: Florian Weimer <fweimer@redhat.com>
To: libc-alpha@sourceware.org
Subject: [PATCH v3 28/29] posix: Use <support/next_to_fault.h> in tst-fnmatch3
In-Reply-To: <cover.1727624528.git.fweimer@redhat.com>
Message-ID: 
 <1ed97cb59a7a97c0648bf3b2d21185fdb41358ba.1727624528.git.fweimer@redhat.com>
References: <cover.1727624528.git.fweimer@redhat.com>
X-From-Line: 1ed97cb59a7a97c0648bf3b2d21185fdb41358ba Mon Sep 17 00:00:00 2001
Date: Sun, 29 Sep 2024 18:45:18 +0200
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.0 on 10.30.177.15
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
X-Spam-Status: No, score=-10.5 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH,
 DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0,
 KAM_NUMSUBJECT, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE,
 SPF_NONE,
 TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
Errors-To: libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org

This papers over GCC PR116884 because the triggering memset
is gone, and the strcpy call does not have bounds information
available.

Verified that the test still finds the original bug by
partially reverting commit c2c6d39fab901c97c18fa3a3a3658d9dc3f7df61
("Fix BZ 18036 buffer overflow (read past end of buffer) in
internal_fnmatch").
---
 posix/tst-fnmatch3.c | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/posix/tst-fnmatch3.c b/posix/tst-fnmatch3.c
index 258ce035c4..ef51d7a0d4 100644
--- a/posix/tst-fnmatch3.c
+++ b/posix/tst-fnmatch3.c
@@ -20,22 +20,18 @@
 #include <sys/mman.h>
 #include <string.h>
 #include <unistd.h>
+#include <support/check.h>
+#include <support/next_to_fault.h>
 
-int
+void
 do_bz18036 (void)
 {
   const char p[] = "**(!()";
-  const int pagesize = getpagesize ();
-
-  char *pattern = mmap (0, 2 * pagesize, PROT_READ|PROT_WRITE,
-                        MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
-  if (pattern == MAP_FAILED) return 1;
-
-  mprotect (pattern + pagesize, pagesize, PROT_NONE);
-  memset (pattern, ' ', pagesize);
-  strcpy (pattern, p);
-
-  return fnmatch (pattern, p, FNM_EXTMATCH);
+  struct support_next_to_fault ntf
+    = support_next_to_fault_allocate (sizeof (p));
+  strcpy (ntf.buffer, p);
+  TEST_COMPARE (fnmatch (ntf.buffer, p, FNM_EXTMATCH), 0);
+  support_next_to_fault_free (&ntf);
 }
 
 int
@@ -45,7 +41,8 @@ do_test (void)
     return 1;
   if (fnmatch ("[a[.\0.]]", "a", 0) != FNM_NOMATCH)
     return 1;
-  return do_bz18036 ();
+  do_bz18036 ();
+  return 0;
 }
 
 #define TEST_FUNCTION do_test ()