[LTP] [PATCH] syscalls/msgstress01: Fix off by one in array access
Cyril Hrubis
chrubis@suse.cz
Thu May 23 17:59:32 CEST 2024
The size returned from recvmsg() is the size of the payload but the
payload is defined as:
struct {
char len;
char pbytes[99];
} data;
So the lenght of the pbytes is actually one byte shorter than the size
and we access one byte after the array in the comparsion.
Better fix for this would be removal of the len from the data payload
but since we are close to the release lets do the minimal fix now and do
the cleanup after the release.
Signed-off-by: Cyril Hrubis <chrubis@suse.cz>
---
testcases/kernel/syscalls/ipc/msgstress/msgstress01.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/testcases/kernel/syscalls/ipc/msgstress/msgstress01.c b/testcases/kernel/syscalls/ipc/msgstress/msgstress01.c
index 5c84957b3..b0d945a11 100644
--- a/testcases/kernel/syscalls/ipc/msgstress/msgstress01.c
+++ b/testcases/kernel/syscalls/ipc/msgstress/msgstress01.c
@@ -131,7 +131,7 @@ static void reader(const int id, const int pos)
return;
}
- for (int i = 0; i < size; i++) {
+ for (int i = 0; i < msg_recv.data.len; i++) {
if (msg_recv.data.pbytes[i] != buff->msg.data.pbytes[i]) {
tst_res(TFAIL, "Received wrong data at index %d: %x != %x", i,
msg_recv.data.pbytes[i],
--
2.43.2
More information about the ltp
mailing list