bugzilla-noreply at freebsd.org
2017-May-18 05:12 UTC
[Bug 219154] [PATCH] buffer overflows in realpath(3)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219154

--- Comment #7 from Jan Kokemüller <jan.kokemueller at gmail.com> ---
Created attachment 182684
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=182684&action=edit
More tests for realpath(3)

Here is a patch that adds 'lib/libc/tests/gen/realpath2_test.c'.

The first test triggers the out of bounds read of the 'left' array. It only fails when realpath.c is compiled with '-fsanitize=address' so I'm not sure how useful this test is. I didn't manage to read more than one byte beyond the buffer or trigger some visible faulty behavior.

The other test checks for ENOENT when running into an empty symlink. This matches NetBSD's realpath(3) semantics. Previously, empty symlinks were treated like ".".

--
You are receiving this mail because:
You are the assignee for the bug.
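The empty-symlink behaviour described in the comment above can be checked with a small stand-alone program. This is an added example, not the attached realpath2_test.c or any FreeBSD code; the function name, result enum and temporary directory template are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp(), realpath(), symlink() */
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

enum check_result { CHECK_FAIL = -1, CHECK_SKIP = 0, CHECK_PASS = 1 };

/* Create a symlink with an empty target in a fresh temporary directory,
 * resolve it, and require failure with ENOENT (hypothetical helper). */
static enum check_result check_empty_symlink(void)
{
    char dir[] = "/tmp/realpath_chk.XXXXXX";   /* constructed path */
    char link_path[PATH_MAX];
    char resolved[PATH_MAX];
    enum check_result res;

    if (mkdtemp(dir) == NULL)
        return CHECK_SKIP;
    snprintf(link_path, sizeof(link_path), "%s/empty", dir);

    if (symlink("", link_path) != 0) {
        /* Some kernels (e.g. Linux) refuse empty targets: nothing to test. */
        rmdir(dir);
        return CHECK_SKIP;
    }

    errno = 0;
    if (realpath(link_path, resolved) == NULL && errno == ENOENT)
        res = CHECK_PASS;
    else
        res = CHECK_FAIL;   /* resolved as if it were "." or wrong errno */

    unlink(link_path);
    rmdir(dir);
    return res;
}

int main(void)
{
    static const char *const names[] = { "FAIL", "SKIP", "PASS" };
    enum check_result r = check_empty_symlink();

    printf("empty symlink -> ENOENT: %s\n", names[r + 1]);
    return r == CHECK_FAIL ? 1 : 0;
}
```

The out-of-bounds read mentioned in the comment shows up only when libc's realpath.c itself is built with '-fsanitize=address', so this program does not cover it.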