[LTP] [PATCH] syscalls/msgstress01: Fix off by one in array access
Cyril Hrubis
chrubis@suse.cz
Fri May 24 13:33:12 CEST 2024
Hi!
> I'd at least add a check that size == data.len + 1.
Which is not true actually because we always send a 100 bytes of data
regardless the message size, which is probably another oversight.
So let's keep the test as it is for now and I will do more work on it
after the release.
To fix this we would have to do at least, but I do not want to change
the test at this point just before the release:
diff --git a/testcases/kernel/syscalls/ipc/msgstress/msgstress01.c b/testcases/kernel/syscalls/ipc/msgstress/msgstress01.c
index b6a64cf4f..f0da595cd 100644
--- a/testcases/kernel/syscalls/ipc/msgstress/msgstress01.c
+++ b/testcases/kernel/syscalls/ipc/msgstress/msgstress01.c
@@ -109,7 +109,7 @@ static void writer(const int id, const int pos)
int iter = num_iterations;
while (--iter >= 0 && !(*stop)) {
- int size = msgsnd(id, &buff->msg, 100, IPC_NOWAIT);
+ int size = msgsnd(id, &buff->msg, buff->msg.data.len + 1, IPC_NOWAIT);
if (size < 0) {
if (errno == EAGAIN) {
@@ -160,6 +160,15 @@ static void reader(const int id, const int pos)
return;
}
+ if (msg_recv.data.len + 1 != size) {
+ tst_res(TFAIL,
+ "Wrong message size have %i expected %i",
+ size, msg_recv.data.len+1);
+ *stop = 1;
+ *fail = 1;
+ return;
+ }
+
for (int i = 0; i < msg_recv.data.len; i++) {
if (msg_recv.data.pbytes[i] != buff->msg.data.pbytes[i]) {
tst_res(TFAIL, "Received wrong data at index %d: %x != %x", i,
--
Cyril Hrubis
chrubis@suse.cz
More information about the ltp
mailing list