summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorYury Usishchev <y.usishchev@samsung.com>2015-02-05 23:04:29 +0000
committerYury Usishchev <y.usishchev@samsung.com>2015-02-06 11:36:08 +0300
commitfcde605eda9b3ee6a993b0cba7662b6485752d41 (patch)
tree1eb32f53c031f36374b54bd6f0fa3ad35ea3869d
parentf112bdc4ac41ef85c6a5987645dfd29a3989492b (diff)
downloadcoreutils-accepted/tizen_common.tar.gz
coreutils-accepted/tizen_common.tar.bz2
coreutils-accepted/tizen_common.zip
The -fsanitize=address run associated with v8.22-75-gf940fec failed to check make-prime-list, as src/primes.h is not regenerated with `make clean`. Running with -fsanitize=address indicates a read 1 byte beyond the allocated buffer. $ rm src/make-prime-list.o $ make AM_CFLAGS=-fsanitize=address src/make-prime-list $ src/make-prime-list 5000 ================================================================= ==13913==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61e00000fa43 at pc 0x4016f5 bp 0x7fff9d9840e0 sp 0x7fff9d9840d0 READ of size 1 at 0x61e00000fa43 thread T0 #0 0x4016f4 in main src/make-prime-list.c:214 #1 0x7f98892c5fdf in __libc_start_main (/lib64/libc.so.6+0x1ffdf) #2 0x401774 (src/make-prime-list+0x401774) 0x61e00000fa43 is located 0 bytes to the right of 2499-byte region [0x61e00000f080,0x61e00000fa43) allocated by thread T0 here: #0 0x7f98896ba7b7 in malloc (/lib64/libasan.so.1+0x577b7) #1 0x400f3f in xalloc src/make-prime-list.c:163 #2 0x400f3f in main src/make-prime-list.c:198 SUMMARY: AddressSanitizer: heap-buffer-overflow src/make-prime-list.c:214 main Shadow bytes around the buggy address: 0x0c3c7fff9ef0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c3c7fff9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c3c7fff9f10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c3c7fff9f20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c3c7fff9f30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0c3c7fff9f40: 00 00 00 00 00 00 00 00[03]fa fa fa fa fa fa fa 0x0c3c7fff9f50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c3c7fff9f60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c3c7fff9f70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c3c7fff9f80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c3c7fff9f90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa ... ==13913==ABORTING * src/make-prime-list.c (main): Bounds check the incremented index, before using to access the buffer. Fixes http://bugs.gnu.org/19784 Change-Id: I4ef7d16b49097522350def56bf3882c6c70a17a5 Signed-off-by: Yury Usishchev <y.usishchev@samsung.com>
-rw-r--r--src/make-prime-list.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/make-prime-list.c b/src/make-prime-list.c
index 4ec01cf3b..956c31a8b 100644
--- a/src/make-prime-list.c
+++ b/src/make-prime-list.c
@@ -211,7 +211,7 @@ main (int argc, char **argv)
for (j = (p*p - 3)/2; j < size; j+= p)
sieve[j] = 0;
- while (i < size && sieve[++i] == 0)
+ while (++i < size && sieve[i] == 0)
;
}