From f75409719f120a3dbee66d761cf23a64092d1414 Mon Sep 17 00:00:00 2001
From: Josh Stone <jistone@redhat.com>
Date: Thu, 28 Jan 2010 21:00:58 -0800
Subject: PR11234: Ensure __get_argv doesn't overflow

That function was calling strlcpy as if the return value was the number
of bytes copied, but strlcpy actually returns the length of the input
string.  We now use min() to handle the case when it's bigger than the
buffer length, and drop out of the loop when that happens.
---
 testsuite/systemtap.base/overflow-get_argv.exp | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 testsuite/systemtap.base/overflow-get_argv.exp

(limited to 'testsuite/systemtap.base/overflow-get_argv.exp')

diff --git a/testsuite/systemtap.base/overflow-get_argv.exp b/testsuite/systemtap.base/overflow-get_argv.exp
new file mode 100644
index 00000000..ac7fddc5
--- /dev/null
+++ b/testsuite/systemtap.base/overflow-get_argv.exp
@@ -0,0 +1,5 @@
+# PR11234: __get_argv can overflow its return buffer
+
+set test "overflow-get_argv"
+
+stap_run $srcdir/$subdir/$test.stp no_load $all_pass_string -g -c "/bin/true /usr/bin/*"
-- 
cgit