[LTP] [PATCH] Fix potential overflows in sched_tc4 and sched_driver of sched_stress unit

Wed, 22 Oct 2008 15:19:53 -0700 

Hi,

please find attached a fix for potential overflows in sched_tc4 and 
sched_driver.

sched_tc4:
  RAWDEV could be much large then 16 chars - e.g. /dev/cciss/c0d0p6 (18)
  (only use of RAWDEV in entire sched_stress module)

sched_driver:
  pathname could be much large then 50 - increased to PATH_MAX.

Problem observed and original fixed by Yi Xu.
Patch got slightly cleaned-up/modified.

Reviewed-by: Daniel Gollub <[EMAIL PROTECTED]>
Signed-off-by: Daniel Gollub <[EMAIL PROTECTED]>

---
 testcases/kernel/sched/sched_stress/sched_driver.c |    3 ++-
 testcases/kernel/sched/sched_stress/sched_tc4.c    |    8 +++-----
 2 files changed, 5 insertions(+), 6 deletions(-)

Index: testcases/kernel/sched/sched_stress/sched_driver.c
===================================================================
--- testcases/kernel/sched/sched_stress/sched_driver.c.orig
+++ testcases/kernel/sched/sched_stress/sched_driver.c
@@ -69,6 +69,7 @@
 #include <signal.h>
 #include <pwd.h>
 #include <time.h>
+#include <limits.h>
 #include "sched.h"
 
 /*
@@ -421,7 +422,7 @@ char        *name,     /* filename of testcase
        *param3;   /* if sched_tc6:  fork flag, 0=false, 1=true */
 float *t2;       /* if sched_tc6:  second time returned from testcase */
 {
-       char    temp[50],       /* holds pathname and returned floating number 
*/
+       char    temp[PATH_MAX], /* holds pathname and returned floating number 
*/
                t2asc[50];      /* holds second returned floating number */
        int     saved_pid;      /* process id of forked process */
        FILE    *datafile;      /* file pointer for temporary file */
Index: testcases/kernel/sched/sched_stress/sched_tc4.c
===================================================================
--- testcases/kernel/sched/sched_stress/sched_tc4.c.orig
+++ testcases/kernel/sched/sched_stress/sched_tc4.c
@@ -189,13 +189,11 @@ void read_raw_device()
        int     i;                         /* loop counter */
        int     blocks=0;                    /* number of blocks read */
 #ifndef __linux__
-       static char   raw_dev[16] = "/dev/hd2";  /* name of raw device file */
+       char   raw_dev[50] = "/dev/hd2";  /* name of raw device file */
 #else
-       static char   raw_dev[16];              /* name of raw device file  */
+       char   *raw_dev;                /* name of raw device file  */
 
-        if (getenv("RAWDEV"))
-               sprintf(raw_dev, "%s", getenv("RAWDEV")); 
-        else
+       if ((raw_dev = getenv("RAWDEV")) == NULL)
         {
            errno = ENODATA;
            sys_error("environment variable RAWDEV not set", __FILE__,__LINE__);

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Ltp-list mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ltp-list

Reply via email to