Received: by 2002:a05:6358:c692:b0:131:369:b2a3 with SMTP id fe18csp5346978rwb; Tue, 1 Aug 2023 00:34:05 -0700 (PDT) X-Google-Smtp-Source: APBJJlEC9s++lLsPmmjF5YKQw8alrA2VVIi82oJnzc40XJq2RKQlU/acv8pQolxjz8bjVFpTCbo1 X-Received: by 2002:a05:6358:248b:b0:127:f2fb:d103 with SMTP id m11-20020a056358248b00b00127f2fbd103mr2895354rwc.16.1690875244858; Tue, 01 Aug 2023 00:34:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690875244; cv=none; d=google.com; s=arc-20160816; b=Ty8QN8BsycCafQNhHkHq0A8JITDZlAyX+OJWsJCk0gpBR3mmr+TuyR8VIaz4SEkk3o rvTdl53SieiFsIq7NOuGRtvsp+TbHaOdD2Kk46NWbEh5dDvHvPH0Lr05L+Z6pHsLfZ+W 3j7a2iKEiLMJzBBB8x7QRcCpW5Kl9twgqEF8P+Mz2jiLt6Qgftz7dBNltEpYXsxm54rH 8jBFHy2Rlz4ZoIGDBBzftZ9HKmNDXbrh87t+/TrX4sNF8wtEXag0XGOhJCE+uo56dCVO ZCzEPJvyfCPz0jJnySJAJJp1Fc8KpSCrgExAzV/KQ/Ll3FaZ1XZyhlSuTiQggnBHp0oM SnkA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=VIWxTcK3E+FU/J4XD7GqRc1zpahF864a1EUxvs8awoE=; fh=TTF1lt49Sby0rKay1qRjEqWFbUkg3/0Ba8LROUDUaGE=; b=MUJ0ZJmEdB7PolAeGcQ6HawFT6a96IeTqwT0BbAOckQv2Cpk96kSZNVXfBAGS3VSu/ Y3zCpSxxVtJnOHzNDGTIwx/YgeK+cx4M6RI+qXvHuM3g9RfoPJdzNPLhQutyZSnEDtXh C+7X2GB0kVG3QMj+9/8vQHJEm16E5fj8trxW2BImmo+dQ5ZEuCemC4EmDFeSl3pMPGoc mdo7PlOtKa3LY88lmjaS4337zAIjYULPzSE4Qv06xy6oFUxBqnK00fre81f7HGmms/fS d6L0GxEyovbf/uRbiJ/LrH5WHSu9CbBk41nPCtVG0cC6qIBsva3HROqq8tVFG7u/bpJs 09ww== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id d20-20020a63d654000000b005533750837csi4268805pgj.681.2023.08.01.00.33.52; Tue, 01 Aug 2023 00:34:04 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231969AbjHAG7m (ORCPT + 99 others); Tue, 1 Aug 2023 02:59:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60094 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229675AbjHAG7k (ORCPT ); Tue, 1 Aug 2023 02:59:40 -0400 Received: from 1wt.eu (ded1.1wt.eu [163.172.96.212]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 48A591BD; Mon, 31 Jul 2023 23:59:39 -0700 (PDT) Received: (from willy@localhost) by mail.home.local (8.17.1/8.17.1/Submit) id 3716xHHu030364; Tue, 1 Aug 2023 08:59:17 +0200 Date: Tue, 1 Aug 2023 08:59:17 +0200 From: Willy Tarreau To: Thomas =?iso-8859-1?Q?Wei=DFschuh?= Cc: Shuah Khan , linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, Yuan Tan , Zhangjin Wu Subject: Re: [PATCH v2 09/10] selftests/nolibc: test return value of read() in test_vfprintf Message-ID: References: <20230801-nolibc-warnings-v2-0-1ba5ca57bd9b@weissschuh.net> <20230801-nolibc-warnings-v2-9-1ba5ca57bd9b@weissschuh.net> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20230801-nolibc-warnings-v2-9-1ba5ca57bd9b@weissschuh.net> X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Aug 01, 2023 at 07:30:16AM +0200, Thomas Wei?schuh wrote: > If read() fails and returns -1 buf would be accessed out of bounds. > > Signed-off-by: Thomas Wei?schuh > --- > tools/testing/selftests/nolibc/nolibc-test.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/tools/testing/selftests/nolibc/nolibc-test.c b/tools/testing/selftests/nolibc/nolibc-test.c > index 82714051c72f..a334f8450a34 100644 > --- a/tools/testing/selftests/nolibc/nolibc-test.c > +++ b/tools/testing/selftests/nolibc/nolibc-test.c > @@ -1031,6 +1031,12 @@ static int expect_vfprintf(int llen, int c, const char *expected, const char *fm > lseek(fd, 0, SEEK_SET); > > r = read(fd, buf, sizeof(buf) - 1); > + if (r == -1) { > + llen += printf(" read() = %s", errorname(errno)); > + result(llen, FAIL); > + return 1; > + } > + > buf[r] = '\0'; In fact given the nature of this file (test if we properly implemented our syscalls), I think that a more conservative approach is deserved because if we messed up on read() we can have anything on return and we don't want to trust that. As such I would suggest that we declare r as ssize_t and verify that it's neither negative nor larger than sizeof(buf)-1, which becomes: if ((size_t)r >= sizeof(buf)) { ... fail ... } You'll also have to turn w to ssize_t then due to the test later BTW. Willy