[LTP] [PATCH] syscalls/msgstress01: Fix off by one in array access

Martin Doucha mdoucha@suse.cz
Thu May 23 18:08:39 CEST 2024


Hi,
I'd at least add a check that size == data.len + 1.

On 23. 05. 24 17:59, Cyril Hrubis wrote:
> The size returned from recvmsg() is the size of the payload but the
> payload is defined as:
> 
> struct {
>          char len;
>          char pbytes[99];
> } data;
> 
> So the length of the pbytes is actually one byte shorter than the size
> and we access one byte after the array in the comparison.
> 
> Better fix for this would be removal of the len from the data payload
> but since we are close to the release let's do the minimal fix now and do
> the cleanup after the release.
> 
> Signed-off-by: Cyril Hrubis <chrubis@suse.cz>
> ---
>   testcases/kernel/syscalls/ipc/msgstress/msgstress01.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/testcases/kernel/syscalls/ipc/msgstress/msgstress01.c b/testcases/kernel/syscalls/ipc/msgstress/msgstress01.c
> index 5c84957b3..b0d945a11 100644
> --- a/testcases/kernel/syscalls/ipc/msgstress/msgstress01.c
> +++ b/testcases/kernel/syscalls/ipc/msgstress/msgstress01.c
> @@ -131,7 +131,7 @@ static void reader(const int id, const int pos)
>   			return;
>   		}
>   
> -		for (int i = 0; i < size; i++) {
> +		for (int i = 0; i < msg_recv.data.len; i++) {
>   			if (msg_recv.data.pbytes[i] != buff->msg.data.pbytes[i]) {
>   				tst_res(TFAIL, "Received wrong data at index %d: %x != %x", i,
>   					msg_recv.data.pbytes[i],
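
Review bot: In the new loop condition `i < msg_recv.data.len`, the bound is a byte taken from the received message and is never compared with `size`, the length the receive call reported. Add a check before the loop that `size == msg_recv.data.len + 1` and report TFAIL when it does not hold, so that a short or corrupted message cannot make the comparison cover bytes that were not received. Because `len` is declared as plain `char`, a negative value would also skip the loop and let the message pass unchecked; rejecting `len < 0` in the same check closes that case.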

-- 
Martin Doucha   mdoucha@suse.cz
SW Quality Engineer
SUSE LINUX, s.r.o.
CORSO IIa
Krizikova 148/34
186 00 Prague 8
Czech Republic
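
The size check suggested in this reply, combined with the bounded loop from the patch, as an added example that is not code from the thread or from LTP. The names `struct payload`, `check_payload`, `make_payload` and the return codes are assumptions made for illustration, and the sample data is constructed.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Same layout as the payload quoted in the commit message. */
struct payload {
	char len;
	char pbytes[99];
};

/* Hypothetical return codes; a value >= 0 is the first mismatching index. */
enum { PAYLOAD_OK = -1, PAYLOAD_BAD_SIZE = -2 };
/* size: payload size reported by the receive call (len byte + data bytes). */
static int check_payload(const struct payload *got, ssize_t size,
			 const struct payload *sent)
{
	/* Nothing received, or more than the struct holds: do not read got. */
	if (size < 1 || (size_t)size > sizeof(*got))
		return PAYLOAD_BAD_SIZE;
	int len = got->len;	/* plain char may be signed */
	/* The suggested check: reported size must be len byte + len data bytes. */
	if (len < 0 || size != (ssize_t)len + 1)
		return PAYLOAD_BAD_SIZE;

	for (int i = 0; i < len; i++) {
		if (got->pbytes[i] != sent->pbytes[i])
			return i;
	}
	return PAYLOAD_OK;
}

/* Constructed sample data: len bytes of a repeating a..z pattern. */
static void make_payload(struct payload *p, int len)
{
	memset(p, 0, sizeof(*p));
	p->len = (char)len;
	for (int i = 0; i < len; i++)
		p->pbytes[i] = (char)('a' + i % 26);
}

int main(void)
{
	struct payload sent, got;
	make_payload(&sent, 99);
	got = sent;
	printf("size 100: %d, size 99: %d\n",
	       check_payload(&got, 100, &sent), check_payload(&got, 99, &sent));
	return 0;
}
```

With a full payload the reported size is 100 while `pbytes` has 99 elements, which is the case where a loop bounded by the size reads one byte past the array.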


