Dan Horák píše v St 04. 02. 2009 v 16:32 +0100:
> Hi all,
>
> I have found a few issues in the recent trunk of openhpi. They are
> - at least 3 failing tests (no analysis yet)
> sahpi_struct_utils_test (buffer overflow with gcc 4.4, not present with
> gcc 4.3 -
> https://koji.fedoraproject.org/koji/getfile?taskID=1103811&name=build.log)

Analysis is here:

(gdb) where
#0  0x00007fda66fb9f55 in raise () from /lib64/libc.so.6
#1  0x00007fda66fbbac3 in abort () from /lib64/libc.so.6
#2  0x00007fda66ff94e8 in __libc_message () from /lib64/libc.so.6
#3  0x00007fda67086717 in __fortify_fail () from /lib64/libc.so.6
#4  0x00007fda670845c0 in __chk_fail () from /lib64/libc.so.6
#5  0x00007fda670837cd in __strncpy_chk () from /lib64/libc.so.6
#6  0x00000000004033e8 in strncpy (__len=<value optimized out>, __src=<value optimized out>, __dest=<value optimized out>) at /usr/include/bits/string3.h:122
#7  main (argc=<value optimized out>, argv=<value optimized out>) at sahpi_struct_utils_test.c:1317
(gdb) l 1317
1312            /* oh_print_ctrlrec: Normal stream testcase */
1313            control.Type = SAHPI_CTRL_TYPE_STREAM;
1314            control.TypeUnion.Stream.Default.Repeat = SAHPI_TRUE;
1315            control.TypeUnion.Stream.Default.StreamLength = strlen("Stream Data");
1316            memset(&control.TypeUnion.Stream.Default.Stream, 0, sizeof(SAHPI_CTRL_MAX_STREAM_LENGTH));
1317            strncpy((char *)control.TypeUnion.Stream.Default.Stream, "Stream Data" , strlen("Stream Data"));
1318
1319            printf("Print control - normal stream case\n");
1320            err = oh_print_ctrlrec(&control, 1);
1321            if (err) {

The problem is that strncpy (line 1317) copies a string of length 11 into a
buffer that is too small: Stream is an array of 4 uint8 members (see the
definitions below). The frames __strncpy_chk -> __chk_fail -> __fortify_fail
show that this is the _FORTIFY_SOURCE run-time check aborting on the
overflow. The out-of-bounds write is present with gcc 4.3 as well - the source
is the same - it is simply not detected there, so "not present with gcc 4.3"
really means "not reported" (the excess bytes presumably land in whatever
follows Stream inside the union/struct, which is why nothing visibly breaks).

Two related problems sit in the same block:
- Line 1316 zeroes sizeof(SAHPI_CTRL_MAX_STREAM_LENGTH) bytes, which is
  sizeof(int) (the macro expands to the integer 4), not the size of the array.
  It happens to be 4 here, but the intent is
  sizeof(control.TypeUnion.Stream.Default.Stream).
- Line 1315 sets StreamLength to 11, which exceeds
  SAHPI_CTRL_MAX_STREAM_LENGTH. Even with the copy bounded, any consumer that
  trusts StreamLength (oh_print_ctrlrec here) could read past the end of
  Stream, so the test also needs StreamLength <= SAHPI_CTRL_MAX_STREAM_LENGTH.

A minimal fix for the test is to use a payload that fits, e.g. 4 bytes with
StreamLength = 4 and memcpy() of exactly that many bytes into Stream; Stream
is raw bytes with an explicit length, not a NUL-terminated string, so strncpy
is the wrong tool here anyway.

sahpi_struct_utils_test.c:1255
    SaHpiCtrlRecT control;

relevant parts of include/SaHpi.h:

#define SAHPI_CTRL_MAX_STREAM_LENGTH 4

typedef struct {
    SaHpiBoolT   Repeat;       /* Repeat flag */
    SaHpiUint32T StreamLength; /* Length of the data, in bytes,
                                  stored in the stream.
                                */
    SaHpiUint8T  Stream[SAHPI_CTRL_MAX_STREAM_LENGTH];
} SaHpiCtrlStateStreamT;

typedef struct {
    SaHpiCtrlStateStreamT Default;
} SaHpiCtrlRecStreamT;

typedef union {
    SaHpiCtrlRecDigitalT  Digital;
    SaHpiCtrlRecDiscreteT Discrete;
    SaHpiCtrlRecAnalogT   Analog;
    SaHpiCtrlRecStreamT   Stream;
    SaHpiCtrlRecTextT     Text;
    SaHpiCtrlRecOemT      Oem;
} SaHpiCtrlRecUnionT;

typedef struct {
    SaHpiCtrlNumT         Num;         /* Control Number/Index */
    SaHpiCtrlOutputTypeT  OutputType;
    SaHpiCtrlTypeT        Type;        /* Type of Control */
    SaHpiCtrlRecUnionT    TypeUnion;   /* Specific Control record */
    SaHpiCtrlDefaultModeT DefaultMode; /* Indicates if the Control comes up
                                          in Auto or Manual mode. */
    SaHpiBoolT            WriteOnly;   /* Indicates if the Control is
                                          write-only. */
    SaHpiUint32T          Oem;         /* Reserved for OEM use */
} SaHpiCtrlRecT;

Regards,
Dan

_______________________________________________
Openhpi-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openhpi-devel
