[LTP] [PATCH] Add test for CVE 2022-4378

Petr Vorel pvorel@suse.cz
Tue Dec 20 00:58:23 CET 2022


Hi Richie,

> Hello,

> pvorel <pvorel@suse.de> writes:

> > On 2022-12-19 11:07, pvorel wrote:
> >> Hi Martin,

> >>> diff --git a/testcases/cve/cve-2022-4378.c
> >>> b/testcases/cve/cve-2022-4378.c
> >>> new file mode 100644
> >>> index 000000000..e1c5df325
> >>> --- /dev/null
> >>> +++ b/testcases/cve/cve-2022-4378.c
> >>> @@ -0,0 +1,108 @@
> >>> +// SPDX-License-Identifier: GPL-2.0-or-later
> >>> +/*
> >>> + * Copyright (C) 2022 SUSE LLC <mdoucha@suse.cz>
> >>> + */
> >>> +
> >>> +/*\
> >> nit: you used /*\ docparse start comment, but without any [...] mark,
> >> thus nothing shows in generated docs.
> >> There should have been either normal C comment /* or docparse [...]
> >> mark.

> > I'm sorry, I was wrong, the text *appear* in generated docs, just
> > without any header.

> Perhaps make-check could validate the docparse string?

+1, I was already thinking about it.

It would not help in the case below, but it's definitely worth
(error in JSON will be caught by CI, but why not to catch it early?)

> > Just the text contains too much details (given we have link to git
> > commit in the table below):

> > ... fixed in:

> > commit bce9332220bd677d83b19d21502776ad555a0e73 Author: Linus Torvalds
> > <torvalds@linux-foundation.org> Date: Mon Dec 5 12:09:06 2022 -0800

> I think it is fine to even copy and paste the whole commit message. If
> we list the wrong Git commit this may make it easier to see as well.

I'd just use the format for "Fixes:":

$ git log --pretty=format:"%h (\"%s\")" -1
bce9332220bd ("proc: proc_skip_spaces() shouldn't think it is working on C strings")


Kind regards,
Petr


More information about the ltp mailing list