diff options
| author | Yury Usishchev <y.usishchev@samsung.com> | 2015-02-05 23:04:29 +0000 |
|---|---|---|
| committer | Yury Usishchev <y.usishchev@samsung.com> | 2015-02-06 11:36:08 +0300 |
| commit | fcde605eda9b3ee6a993b0cba7662b6485752d41 (patch) | |
| tree | 1eb32f53c031f36374b54bd6f0fa3ad35ea3869d | |
| parent | f112bdc4ac41ef85c6a5987645dfd29a3989492b (diff) | |
| download | coreutils-tizen_3.0.m1_tv.tar.gz coreutils-tizen_3.0.m1_tv.tar.bz2 coreutils-tizen_3.0.m1_tv.zip | |
build: ensure make-prime-list doesn't access out of bounds memoryHEADtizen_3.0.m2.a1_tv_releasetizen_3.0.m2.a1_mobile_releasetizen_3.0.m1_tv_releasetizen_3.0.m1_mobile_releasesubmit/tizen_common/20151019.135620submit/tizen_common/20151015.190624submit/tizen_base/20151223.111112submit/tizen_base/20151223.111111submit/tizen_3.0.2014.q4_common/20150226.000000submit/tizen/20150206.105314accepted/tizen/wearable/20150210.015008accepted/tizen/tv/20150210.013233accepted/tizen/mobile/20150210.015318accepted/tizen/common/20150209.122001accepted/tizen/base/20151223.052242accepted/tizen/3.0.2014.q4/common/20150226.105856tizen_basetizen_3.0.m1_tvtizen_3.0.m1_mobiletizen_3.0.2015.q2_commontizen_3.0.2015.q1_commontizen_3.0.2014.q4_commontizenaccepted/tizen_wearableaccepted/tizen_tvaccepted/tizen_mobileaccepted/tizen_commonaccepted/tizen_baseaccepted/tizen_3.0.2014.q4_common
The -fsanitize=address run associated with v8.22-75-gf940fec
failed to check make-prime-list, as src/primes.h is not
regenerated with `make clean`. Running with -fsanitize=address
indicates a read 1 byte beyond the allocated buffer.
$ rm src/make-prime-list.o
$ make AM_CFLAGS=-fsanitize=address src/make-prime-list
$ src/make-prime-list 5000
=================================================================
==13913==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x61e00000fa43 at pc 0x4016f5 bp 0x7fff9d9840e0 sp 0x7fff9d9840d0
READ of size 1 at 0x61e00000fa43 thread T0
#0 0x4016f4 in main src/make-prime-list.c:214
#1 0x7f98892c5fdf in __libc_start_main (/lib64/libc.so.6+0x1ffdf)
#2 0x401774 (src/make-prime-list+0x401774)
0x61e00000fa43 is located 0 bytes to the right of 2499-byte
region [0x61e00000f080,0x61e00000fa43) allocated by thread T0 here:
#0 0x7f98896ba7b7 in malloc (/lib64/libasan.so.1+0x577b7)
#1 0x400f3f in xalloc src/make-prime-list.c:163
#2 0x400f3f in main src/make-prime-list.c:198
SUMMARY: AddressSanitizer: heap-buffer-overflow
src/make-prime-list.c:214 main
Shadow bytes around the buggy address:
0x0c3c7fff9ef0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3c7fff9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3c7fff9f10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3c7fff9f20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3c7fff9f30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c3c7fff9f40: 00 00 00 00 00 00 00 00[03]fa fa fa fa fa fa fa
0x0c3c7fff9f50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3c7fff9f60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3c7fff9f70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3c7fff9f80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3c7fff9f90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
...
==13913==ABORTING
* src/make-prime-list.c (main): Bounds check the incremented index,
before using to access the buffer.
Fixes http://bugs.gnu.org/19784
Change-Id: I4ef7d16b49097522350def56bf3882c6c70a17a5
Signed-off-by: Yury Usishchev <y.usishchev@samsung.com>
| -rw-r--r-- | src/make-prime-list.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/make-prime-list.c b/src/make-prime-list.c index 4ec01cf3b..956c31a8b 100644 --- a/src/make-prime-list.c +++ b/src/make-prime-list.c @@ -211,7 +211,7 @@ main (int argc, char **argv) for (j = (p*p - 3)/2; j < size; j+= p) sieve[j] = 0; - while (i < size && sieve[++i] == 0) + while (++i < size && sieve[i] == 0) ; } |