On 3/10/26 11:21, Sun Jian wrote:
> read_iter() always NUL-terminated at the end of the buffer, so strstr()
> could scan uninitialized stack bytes on short reads. Terminate at len and
> use O_RDONLY.
>
> Signed-off-by: Sun Jian <[email protected]>
> ---
> tools/testing/selftests/bpf/prog_tests/test_bpffs.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/tools/testing/selftests/bpf/prog_tests/test_bpffs.c
> b/tools/testing/selftests/bpf/prog_tests/test_bpffs.c
> index ea933fd151c3..e8021ff0581c 100644
> --- a/tools/testing/selftests/bpf/prog_tests/test_bpffs.c
> +++ b/tools/testing/selftests/bpf/prog_tests/test_bpffs.c
> @@ -17,11 +17,11 @@ static int read_iter(char *file)
> char buf[1024];
> int fd, len;
>
> - fd = open(file, 0);
> + fd = open(file, O_RDONLY);
> if (fd < 0)
> return -1;
> - while ((len = read(fd, buf, sizeof(buf))) > 0) {
> - buf[sizeof(buf) - 1] = '\0';
> + while ((len = read(fd, buf, sizeof(buf) - 1)) > 0) {
> + buf[len] = '\0';

Does this fix any real issue with the test? I can see one very
hypothetical false negative when the uninitialized memory would contain
"iter" but that seems very unlikely to happen.

Viktor

> if (strstr(buf, "iter")) {
> close(fd);
> return 0;
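
Review bot: At the new `buf[len] = '\0'` line, the commit message should state what the old code actually risked. The old `buf[sizeof(buf) - 1] = '\0'` kept strstr() inside buf, so the scan never left the array; on a short read it only covered bytes past len that the current read() did not write, and the worst case is a spurious "iter" match followed by `return 0`. The message also leaves out that the old termination overwrote the last byte of a full 1024-byte read, which reading `sizeof(buf) - 1` bytes now avoids. Separately, neither version matches "iter" when it is split across two read() calls, because strstr() runs on each chunk on its own; if that matters for this test, add a comment saying so or accumulate the output before searching.
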
>
> base-commit: 1f318b96cc84d7c2ab792fcc0bfd42a7ca890681