[LTP] [PATCH 1/2] clock_nanosleep01: Avoid dereferencing bad pointers in libc on 32bit

Richard Palethorpe rpalethorpe@suse.com
Wed Sep 29 10:59:09 CEST 2021


In 32-bit (regardless of kernel bits) glibc and musl will usually
dereference the timespec pointers and try to read them. In some cases
this might be avoidable, but they must do it in others.

Passing invalid pointers is undefined in POSIX. In any case, AFAICT
libc would have to catch the signal in order to guarantee EFAULT is
returned.

Signed-off-by: Richard Palethorpe <rpalethorpe@suse.com>
---

Possibly we shouldn't test things like this at all through libc
wrappers.

 .../kernel/syscalls/clock_nanosleep/clock_nanosleep01.c   | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/testcases/kernel/syscalls/clock_nanosleep/clock_nanosleep01.c b/testcases/kernel/syscalls/clock_nanosleep/clock_nanosleep01.c
index 382497918..7dc5a043d 100644
--- a/testcases/kernel/syscalls/clock_nanosleep/clock_nanosleep01.c
+++ b/testcases/kernel/syscalls/clock_nanosleep/clock_nanosleep01.c
@@ -154,6 +154,14 @@ static void do_test(unsigned int i)
 	else
 		remain = tst_ts_get(rm);
 
+	if ((request == bad_addr || remain == bad_addr) &&
+	    tv->clock_nanosleep == libc_clock_nanosleep &&
+	    sizeof(long) < 8) {
+		tst_res(TCONF,
+			"The libc 32-bit wrapper may dereference req or rem");
+		return;
+	}
+
 	TEST(tv->clock_nanosleep(tc->clk_id, tc->flags, request, remain));
 
 	if (tv->clock_nanosleep == libc_clock_nanosleep) {
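Review bot: The `sizeof(long) < 8` term in the new condition stands in for "32-bit userland" with no explanation in the code, so a reader of do_test() cannot tell why the bad_addr cases are skipped without going back to the commit message. A short comment above the `if` would help, saying that the 32-bit libc wrapper may read req/rem in user space before the syscall and can fault instead of returning EFAULT. The skip is also unconditional for every 32-bit libc build, including those where the wrapper would pass the pointer straight through, so EFAULT coverage via libc_clock_nanosleep is dropped entirely on 32-bit. That seems acceptable because the other variants in tv still run with bad_addr, but it is worth stating in the comment so the TCONF result is not mistaken for a gap in the test.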
-- 
2.33.0


