Re: [igt-dev] [PATCH i-g-t 1/3] tests/testdisplay: fix heap overflow

From: "Ser, Simon" <simon.ser@intel.com>
To: "igt-dev@lists.freedesktop.org" <igt-dev@lists.freedesktop.org>,
	"chris@chris-wilson.co.uk" <chris@chris-wilson.co.uk>
Subject: Re: [igt-dev] [PATCH i-g-t 1/3] tests/testdisplay: fix heap overflow
Date: Wed, 20 Mar 2019 11:29:03 +0000	[thread overview]
Message-ID: <6daf08d6a27ac5b4c5ed7a26566cd5e23816f11b.camel@intel.com> (raw)
In-Reply-To: <155308092658.8718.11106976676851152585@skylake-alporthouse-com>

On Wed, 2019-03-20 at 11:22 +0000, Chris Wilson wrote:
> Quoting Simon Ser (2019-03-20 11:15:54)
> > Also simplify the code by using dirname(3).
> > 
> > Signed-off-by: Simon Ser <simon.ser@intel.com>
> > ---
> >  tests/testdisplay.c | 17 ++++-------------
> >  1 file changed, 4 insertions(+), 13 deletions(-)
> > 
> > diff --git a/tests/testdisplay.c b/tests/testdisplay.c
> > index b3657264..2b26ed1b 100644
> > --- a/tests/testdisplay.c
> > +++ b/tests/testdisplay.c
> > @@ -51,6 +51,7 @@
> >  #include <cairo.h>
> >  #include <errno.h>
> >  #include <getopt.h>
> > +#include <libgen.h>
> >  #include <math.h>
> >  #include <stdint.h>
> >  #include <stdbool.h>
> > @@ -563,24 +564,14 @@ static gboolean input_event(GIOChannel
> > *source, GIOCondition condition,
> >         return TRUE;
> >  }
> >  
> > -static void enter_exec_path( char **argv )
> > +static void enter_exec_path(char **argv)
> >  {
> > -       char *exec_path = NULL;
> > -       char *pos = NULL;
> > -       short len_path = 0;
> > +       char *exec_path;
> >         int ret;
> >  
> > -       len_path = strlen( argv[0] );
> > -       exec_path = (char*) malloc(len_path);
> > -
> > -       memcpy(exec_path, argv[0], len_path);
> > -       pos = strrchr(exec_path, '/');
> > -       if (pos != NULL)
> > -               *(pos+1) = '\0';
> > -
> > +       exec_path = dirname(argv[0]);
> 
> dirname() modifies inplace, so it might not be suitable as presumably
> we
> were copying the argv[0] for a reason :)
> 
> exec_path = strcpy(argv[0]);
> if (exec_path)
> 	exec_path = dirname(exec_path);
> igt_assert_eq(chdir(exec_path), 0);
> free(exec_path);
> 
> And if we are not allowed to modify argv, why not say so and make it
> const?

That's a good point. I thought dirname returned a pointer to statically
allocated memory, but as you said and per the spec libc is also allowed
to modify the argument in place.

Will send v2 shortly.

> -Chris
---------------------------------------------------------------------
Intel Finland Oy
Registered Address: PL 281, 00181 Helsinki 
Business Identity Code: 0357606 - 4 
Domiciled in Helsinki 

This e-mail and any attachments may contain confidential material for
the sole use of the intended recipient(s). Any review or distribution
by others is strictly prohibited. If you are not the intended
recipient, please contact the sender and delete all copies.
_______________________________________________
igt-dev mailing list
igt-dev@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/igt-dev