[PATCH] nptl improve tst-context1.c to catch buffer overruns, 2nd
- From: Steve Munroe <sjmunroe at us dot ibm dot com>
- To: libc-alpha at sources dot redhat dot com
- Date: Tue, 15 Jun 2004 17:09:37 -0500
- Subject: [PATCH] nptl improve tst-context1.c to catch buffer overruns, 2nd
- Organization: IBM LTC
- Reply-to: sjmunroe at vnet dot ibm dot com
Oops, I attached the wrong patch to the previous email on this topic. This email
includes the correct patch.
This patch improves the coverage of tst-context1.c to check for buffer
overruns of the ucontext struct in the get/swapcontext functions.
Defined a new struct tst_context_t to append guard words following each
ucontext_t in the ctx array. Function tf() initializes the guard words
and uc_link before calls to makecontext and swapcontext. Then fct() can
check for any changes to the guard words and verify that uc_link is
still valid.
2004-06-15 Steven Munroe <sjmunroe@us.ibm.com>
* tst-context1.c (GUARD_PATTERN): Defined.
(tst_context_t): Define struct containing ucontext_t & guard words.
(ctx): Declare as an array of tst_context_t.
(fct): Verify uc_link & guard words are still valid.
(tf): Initialize guard words in ctx. Adjust ctx refs for new struct.
diff -urN libc23-cvstip-20040607/nptl/tst-context1.c libc23-ppcvmx-20040607/nptl/tst-context1.c
--- libc23-cvstip-20040607/nptl/tst-context1.c 2004-04-04 05:52:05.000000000 -0500
+++ libc23-ppcvmx-20040607/nptl/tst-context1.c 2004-06-15 12:53:54.497023192 -0500
@@ -25,11 +25,20 @@
#include <stdlib.h>
#include <ucontext.h>
-
#define N 4
+#if __WORDSIZE == 64
+#define GUARD_PATTERN 0xdeadbeafdeadbeaf
+#else
+#define GUARD_PATTERN 0xdeadbeaf
+#endif
+
+typedef struct {
+ ucontext_t uctx;
+ unsigned long guard[3];
+ } tst_context_t;
static char stacks[N][PTHREAD_STACK_MIN];
-static ucontext_t ctx[N][2];
+static tst_context_t ctx[N][2];
static volatile int failures;
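Review bot: The new tst_context_t at lines 40–43 carries no comment saying what guard[] is for, so a reader has to reconstruct from fct() that the three words exist only to be compared against GUARD_PATTERN after the context calls; a one-line comment on the member would help, e.g. `/* Guard words placed directly after the ucontext_t; a write past sizeof (ucontext_t) by getcontext/makecontext/swapcontext lands here and is reported by fct.  */`. It is also worth noting in that comment that only overruns past the end of a ucontext_t are caught this way: a write before the start of ctx[n][1].uctx would hit ctx[n][0].guard and be reported as a context[0] overflow, and a short overrun that lands in any padding between uctx and guard would not be seen at all. The 64-bit GUARD_PATTERN literal has no suffix; it fits unsigned long on LP64, but a `UL` suffix would make the intended type explicit and match `unsigned long guard[3]`.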
@@ -42,6 +51,29 @@
printf ("%ld: in %s now, on_stack = %p\n", n, __FUNCTION__, on_stack);
errno = 0;
+ if (ctx[n][1].uctx.uc_link != &ctx[n][0].uctx)
+ {
+ printf ("context[%ld][1] uc_link damaged, = %p\n", n,
+ ctx[n][1].uctx.uc_link);
+ exit (1);
+ }
+
+ if ((ctx[n][0].guard[0] != GUARD_PATTERN)
+ || (ctx[n][0].guard[1] != GUARD_PATTERN)
+ || (ctx[n][0].guard[2] != GUARD_PATTERN))
+ {
+ printf ("%ld: %s context[0] overflow detected!\n", n, __FUNCTION__);
+ ++failures;
+ }
+
+ if ((ctx[n][1].guard[0] != GUARD_PATTERN)
+ || (ctx[n][1].guard[1] != GUARD_PATTERN)
+ || (ctx[n][1].guard[2] != GUARD_PATTERN))
+ {
+ printf ("%ld: %s context[1] overflow detected!\n", n, __FUNCTION__);
+ ++failures;
+ }
+
if (n < 0 || n >= N)
{
printf ("%ld out of range\n", n);
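Review bot: The new uc_link and guard checks at lines 51–72 index ctx[n] before the existing range check on n at line 74, so an out-of-range n now causes an out-of-bounds read of ctx before the test gets to print "out of range"; the `if (n < 0 || n >= N)` block should be moved ahead of the new checks. fct's body starts before this hunk and continues after it. The failure handling in the new code is also inconsistent: a damaged uc_link calls `exit (1)` while a damaged guard word only does `++failures` and carries on, so a single policy would be clearer — probably `++failures` for both so every context is still reported in one run — or a comment stating why uc_link damage is treated as fatal.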
@@ -61,7 +93,15 @@
{
int n = (int) (long int) arg;
- if (getcontext (&ctx[n][1]) != 0)
+ ctx[n][0].guard[0] = GUARD_PATTERN;
+ ctx[n][0].guard[1] = GUARD_PATTERN;
+ ctx[n][0].guard[2] = GUARD_PATTERN;
+
+ ctx[n][1].guard[0] = GUARD_PATTERN;
+ ctx[n][1].guard[1] = GUARD_PATTERN;
+ ctx[n][1].guard[2] = GUARD_PATTERN;
+
+ if (getcontext (&ctx[n][1].uctx) != 0)
{
printf ("%d: cannot get context: %m\n", n);
exit (1);
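Review bot: The six guard-word stores at lines 81–87 hard-code the array length that fct() repeats word by word in its checks, so adding a fourth guard word would require edits in three places; a loop bound derived from the array keeps them in step, e.g. `for (size_t i = 0; i < sizeof ctx[n][0].guard / sizeof ctx[n][0].guard[0]; i++) ctx[n][0].guard[i] = ctx[n][1].guard[i] = GUARD_PATTERN;`. A short comment above the stores would also help, e.g. `/* Set the guards before getcontext so an overrun by getcontext itself is caught.  */`, since the ordering is deliberate but not stated. tf's body starts before this hunk and continues after it.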
@@ -69,14 +109,14 @@
printf ("%d: %s: before makecontext\n", n, __FUNCTION__);
- ctx[n][1].uc_stack.ss_sp = stacks[n];
- ctx[n][1].uc_stack.ss_size = PTHREAD_STACK_MIN;
- ctx[n][1].uc_link = &ctx[n][0];
- makecontext (&ctx[n][1], (void (*) (void)) fct, 1, (long int) n);
+ ctx[n][1].uctx.uc_stack.ss_sp = stacks[n];
+ ctx[n][1].uctx.uc_stack.ss_size = PTHREAD_STACK_MIN;
+ ctx[n][1].uctx.uc_link = &ctx[n][0].uctx;
+ makecontext (&ctx[n][1].uctx, (void (*) (void)) fct, 1, (long int) n);
printf ("%d: %s: before swapcontext\n", n, __FUNCTION__);
- if (swapcontext (&ctx[n][0], &ctx[n][1]) != 0)
+ if (swapcontext (&ctx[n][0].uctx, &ctx[n][1].uctx) != 0)
{
++failures;
printf ("%d: %s: swapcontext failed\n", n, __FUNCTION__);