PR11234: Ensure __get_argv doesn't overflow

That function was calling strlcpy as if the return value was the number of bytes copied, but strlcpy actually returns the length of the input string. We now use min() to handle the case when it's bigger than the buffer length, and drop out of the loop when that happens.
author: Josh Stone <jistone@redhat.com> 2010-01-28 21:00:58 -0800
committer: Josh Stone <jistone@redhat.com> 2010-01-28 21:00:58 -0800
commit: f75409719f120a3dbee66d761cf23a64092d1414 (patch)
tree: a35e8f9c3d1cf317b2a989df10e5835dcc461670 /testsuite/systemtap.base/overflow-get_argv.exp
parent: 15b2e969f0f67b2259e0345a446001ac80179968 (diff)
download: systemtap-steved-f75409719f120a3dbee66d761cf23a64092d1414.tar.gz
systemtap-steved-f75409719f120a3dbee66d761cf23a64092d1414.tar.xz
systemtap-steved-f75409719f120a3dbee66d761cf23a64092d1414.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/testsuite/systemtap.base/overflow-get_argv.exp b/testsuite/systemtap.base/overflow-get_argv.exp
new file mode 100644
index 00000000..ac7fddc5
--- /dev/null
+++ b/testsuite/systemtap.base/overflow-get_argv.exp
@@ -0,0 +1,5 @@
+# PR11234: __get_argv can overflow its return buffer
+
+set test "overflow-get_argv"
+
+stap_run $srcdir/$subdir/$test.stp no_load $all_pass_string -g -c "/bin/true /usr/bin/*"
author	Josh Stone <jistone@redhat.com>	2010-01-28 21:00:58 -0800
committer	Josh Stone <jistone@redhat.com>	2010-01-28 21:00:58 -0800
commit	f75409719f120a3dbee66d761cf23a64092d1414 (patch)
tree	a35e8f9c3d1cf317b2a989df10e5835dcc461670 /testsuite/systemtap.base/overflow-get_argv.exp
parent	15b2e969f0f67b2259e0345a446001ac80179968 (diff)
download	systemtap-steved-f75409719f120a3dbee66d761cf23a64092d1414.tar.gz systemtap-steved-f75409719f120a3dbee66d761cf23a64092d1414.tar.xz systemtap-steved-f75409719f120a3dbee66d761cf23a64092d1414.zip