Attachment 142028 Details for Bug 207926 – example of overflow

example of overflow

test.c (text/plain), 1.46 KB, created by Evan Teran on 2008-01-28 16:52:21 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Evan Teran

Created: 2008-01-28 16:52:21 UTC

Size: 1.46 KB

patch

obsolete

>
>#define _REENTRANT
>#define _GNU_SOURCE
>
>#define MAXPATHLEN 4096
>
>#include <stdio.h>
>#include <stdlib.h>
>#include <sys/types.h>
>#include <sys/stat.h>
>#include <sys/param.h>
>#include <unistd.h>
>#include <sys/wait.h>
>#include <libgen.h>
>#include <string.h>
>#include <stdarg.h>
>#include <errno.h>
>
>/* cut from wrapper-1.5.0.c */
>struct wrapper_data {
>	char name[MAXPATHLEN + 1];
>	char fullname[MAXPATHLEN + 1];
>	char bin[MAXPATHLEN + 1];
>	char tmp[MAXPATHLEN + 1];
>	char *path;
>};
>
>int main() {
>
>	/* setup test */
>	struct wrapper_data d;
>	struct wrapper_data *data = &d;
>	
>	memset(data, 0, sizeof(data));
>	
>	char str[MAXPATHLEN];
>	memset(str, 'A', sizeof(str));
>	str[MAXPATHLEN] = '\0';
>	memset(data->name, 'B', sizeof(data->name));
>	data->name[MAXPATHLEN] = '\0';
>	
>	strcpy(data->tmp, "hello world");
>
>
>
>
>#define TEST
>#ifdef TEST
>	/* do test, this code was copied directly from the wrapper-1.5.0.c 
>	 * lines 218 - 221
>	 */
>	strncpy(data->bin, str, sizeof(data->bin) - 1);
>	data->bin[strlen(data->bin) - 1] = '/';
>	strncat(data->bin, data->name, sizeof(data->bin) - 1);
>	data->bin[MAXPATHLEN] = 0;
>#endif
>
>	/* results */
>	printf("strlen(data->name) = %d : should be %d\n", strlen(data->name), 4096);
>	printf("strlen(data->fullname) = %d : should be %d\n", strlen(data->fullname), 0);
>	printf("strlen(data->bin) = %d : should be %d\n", strlen(data->bin), 4096);
>	printf("strlen(data->tmp) = %d : should be %d\n", strlen(data->tmp), 11);
>	printf("data->path = %p : should be NULL\n", data->path);
>
>}

Actions: View

Attachments on bug 207926: 142028