Patrick Georgi submitted this change.
tests/lib/memchr-test: Fix possible memory overrun, add non-null checks
Three calls to memchr() had incorrect length values which could lead to
memory overrun.
Add non-null checks to ensure correct return values from memchr()
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Change-Id: Ief7b7e2ecb9b5d2e05e6983d92d02fa00935b392
Reviewed-on: https://review.coreboot.org/c/coreboot/+/51054
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Fagerburg <pfagerburg@chromium.org>
---
M tests/lib/memchr-test.c
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/tests/lib/memchr-test.c b/tests/lib/memchr-test.c
index 4a093c2..9762b9a 100644
--- a/tests/lib/memchr-test.c
+++ b/tests/lib/memchr-test.c
@@ -47,7 +47,7 @@
{
/* Test using character string */
void *v1 = memchr(test_data1, 'A', test_data1_sz);
- void *v2 = memchr(test_data1 + 26, 'A', test_data1_sz - 10);
+ void *v2 = memchr(test_data1 + 26, 'A', test_data1_sz - 26);
assert_non_null(v1);
assert_non_null(v2);
@@ -67,13 +67,17 @@
static void test_memchr_last_character_in_string(void **state)
{
void *v1 = memchr(test_data1, '9', test_data1_sz);
- void *v2 = memchr(&test_data1[test_data1_sz - 2], '9', test_data1_sz);
+ void *v2 = memchr(&test_data1[test_data1_sz - 2], '9', 2);
void *v3 = memchr(test_data2, 0xff, test_data2_sz);
- void *v4 = memchr(&test_data2[test_data2_sz - 1], 0xff, test_data2_sz);
+ void *v4 = memchr(&test_data2[test_data2_sz - 1], 0xff, 1);
+ assert_non_null(v1);
+ assert_non_null(v2);
assert_ptr_equal(v1, v2);
assert_ptr_equal(v1, &test_data1[test_data1_sz - 2]);
+ assert_non_null(v3);
+ assert_non_null(v4);
assert_ptr_equal(v3, v4);
assert_ptr_equal(v3, &test_data2[test_data2_sz - 1]);
}
To view, visit change 51054. To unsubscribe, or for help writing mail filters, visit settings.