On Tue, Oct 10, 2023 at 11:51:32AM +0800, Binbin Wu wrote:
On 9/27/2023 7:02 PM, kirill.shutemov@linux.intel.com wrote:
On Sun, Sep 24, 2023 at 07:33:46AM +0800, Binbin Wu wrote:
Zero out the buffer for readlink() since readlink() does not append a terminating null byte to the buffer.
Fixes: 833c12ce0f430 ("selftests/x86/lam: Add inherit test cases for linear-address masking")
Signed-off-by: Binbin Wu binbin.wu@linux.intel.com
tools/testing/selftests/x86/lam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/x86/lam.c b/tools/testing/selftests/x86/lam.c index eb0e46905bf9..9f06942a8e25 100644 --- a/tools/testing/selftests/x86/lam.c +++ b/tools/testing/selftests/x86/lam.c @@ -680,7 +680,7 @@ static int handle_execve(struct testcases *test) perror("Fork failed."); ret = 1; } else if (pid == 0) {
char path[PATH_MAX];
char path[PATH_MAX] = {0};Shouldn't it be PATH_MAX+1 to handle the case when readlink(2) stores exactly PATH_MAX bytes into the buffer?
According to the definition of PATH_MAX in include/uapi/linux/limits.h #define PATH_MAX 4096 /* # chars in a path name including nul */
IIUC, Linux limits the path length to 4095 and PATH_MAX includes the terminating nul.
Consider the case when kernel bump PATH_MAX to 8192. The binary that compiled from lam.c against the older kernel headers will get compromised.
Increase the size of the buffer by one or pass PATH_MAX - 1 as buffer size to readlink(2).