Re: linux-5.7-rc1/tools/testing/selftests/resctrl/cqm_test.c:89:15: error: Buffer is accessed out of bounds

Re: linux-5.7-rc1/tools/testing/selftests/resctrl/cqm_test.c:89:15: error: Buffer is accessed out of bounds

[Reinette Chatre]

+Sai

On 4/13/2020 2:43 AM, David Binderman wrote:
> Hello there,
> 
> Source code is
> 
>    while (fgets(temp, 1024, fp)) {
> 
> but
> 
>     char *token_array[8], temp[512];
> 
> Use of compiler flag -D_FORTIFY_SOURCE=2 would have found the problem.
> For example:
> 
> # include <stdio.h>
> 
> extern void g( int);
> 
> void
> f( FILE * fp)
> {
> 	char buf[ 100];
> 
> 	while (fgets( buf, 200, fp) != 0)
> 	{
> 		g( 1);
> 	}
> }
> 
> gives
> 
> $ /home/dcb/gcc/results/bin/gcc -c -g -O2 -D_FORTIFY_SOURCE=2 apr13c.cc
> In file included from /usr/include/stdio.h:867,
>                  from apr13c.cc:2:
> In function ‘char* fgets(char*, int, FILE*)’,
>     inlined from ‘void f(FILE*)’ at apr13c.cc:11:14:
> /usr/include/bits/stdio2.h:263:26: warning: call to ‘__fgets_chk_warn’ declared with attribute warning: fgets called with bigger size than length of destination buffer [-Wattribute-warning]
> 
> I suggest switch on compiler flag -D_FORTIFY_SOURCE=2 in
> all development builds.
> 

Thank you very much for catching this David.

Sai: could you include this fix in your upcoming series of fixes? Using
the pattern of "fgets(buf, sizeof(buf), ...)" instead of hard coding the
size should be helpful here.

Reinette

RE: linux-5.7-rc1/tools/testing/selftests/resctrl/cqm_test.c:89:15: error: Buffer is accessed out of bounds

[Prakhya, Sai Praneeth]

> -----Original Message-----
> From: Reinette Chatre <reinette.chatre@intel.com>
> Sent: Monday, April 13, 2020 9:31 AM
> To: David Binderman <dcb314@hotmail.com>; Yu, Fenghua
> <fenghua.yu@intel.com>; shuah@kernel.org; Linux Kernel Mailing List <linux-
> kernel@vger.kernel.org>; linux-kselftest@vger.kernel.org; Prakhya, Sai Praneeth
> <sai.praneeth.prakhya@intel.com>
> Subject: Re: linux-5.7-rc1/tools/testing/selftests/resctrl/cqm_test.c:89:15:
> error: Buffer is accessed out of bounds
> 
> +Sai
> 
> On 4/13/2020 2:43 AM, David Binderman wrote:
> > Hello there,
> >
> > Source code is
> >
> >    while (fgets(temp, 1024, fp)) {
> >
> > but
> >
> >     char *token_array[8], temp[512];
> >
> > Use of compiler flag -D_FORTIFY_SOURCE=2 would have found the problem.
> > For example:
> >
> > # include <stdio.h>
> >
> > extern void g( int);
> >
> > void
> > f( FILE * fp)
> > {
> > 	char buf[ 100];
> >
> > 	while (fgets( buf, 200, fp) != 0)
> > 	{
> > 		g( 1);
> > 	}
> > }
> >
> > gives
> >
> > $ /home/dcb/gcc/results/bin/gcc -c -g -O2 -D_FORTIFY_SOURCE=2
> > apr13c.cc In file included from /usr/include/stdio.h:867,
> >                  from apr13c.cc:2:
> > In function 'char* fgets(char*, int, FILE*)',
> >     inlined from 'void f(FILE*)' at apr13c.cc:11:14:
> > /usr/include/bits/stdio2.h:263:26: warning: call to '__fgets_chk_warn'
> > declared with attribute warning: fgets called with bigger size than
> > length of destination buffer [-Wattribute-warning]
> >
> > I suggest switch on compiler flag -D_FORTIFY_SOURCE=2 in all
> > development builds.
> >
> 
> Thank you very much for catching this David.
> 
> Sai: could you include this fix in your upcoming series of fixes? Using the pattern
> of "fgets(buf, sizeof(buf), ...)" instead of hard coding the size should be helpful
> here.

Reinette: Sure! I will include this fix. Just FYI, I did notice this and have fixed it in V1 patches that I sent out earlier.

David: Thanks for bringing this up. I wasn't aware of the gcc flag you had mentioned. I will add it.

Regards,
Sai