Page MenuHomeFreeBSD

Compute the correct size of the string to move forward.
ClosedPublic

Authored by jhb on Sep 1 2020, 4:37 PM.
Tags
None
Referenced Files
F106058102: D26280.id76501.diff
Tue, Dec 24, 4:23 PM
Unknown Object (File)
Nov 18 2024, 4:20 PM
Unknown Object (File)
Nov 12 2024, 2:44 AM
Unknown Object (File)
Nov 10 2024, 12:12 PM
Unknown Object (File)
Oct 31 2024, 12:48 AM
Unknown Object (File)
Oct 30 2024, 6:53 AM
Unknown Object (File)
Sep 25 2024, 3:30 AM
Unknown Object (File)
Sep 23 2024, 5:14 PM
Subscribers

Details

Summary

Previously this was counting the amount of spare room at the start of
the buffer that the string needed to move forward and passing that as
the number of bytes to copy to memmove rather than the length of the
string to be copied.

In the strfmon test in the test suite this caused the memmove to
overflow the allocated buffer by one byte which CHERI caught.

Reported by: CHERI
Obtained from: CheriBSD

Test Plan
  • run the strfmon_test tests under CHERI and verify still works under plain riscv64

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

jhb requested review of this revision.Sep 1 2020, 4:37 PM
jhb created this revision.

Ironically, this appears to have been introduced in rS104963 where the commit log there claims it was fixing bad pointer arithmetic. I think perhaps the author there didn't realize the string was right justified?

This revision is now accepted and ready to land.Sep 1 2020, 6:05 PM