-----Original Message----- From: Reinette Chatre reinette.chatre@intel.com Sent: Monday, April 13, 2020 9:31 AM To: David Binderman dcb314@hotmail.com; Yu, Fenghua fenghua.yu@intel.com; shuah@kernel.org; Linux Kernel Mailing List <linux- kernel@vger.kernel.org>; linux-kselftest@vger.kernel.org; Prakhya, Sai Praneeth sai.praneeth.prakhya@intel.com Subject: Re: linux-5.7-rc1/tools/testing/selftests/resctrl/cqm_test.c:89:15: error: Buffer is accessed out of bounds

+Sai

On 4/13/2020 2:43 AM, David Binderman wrote:

...

Hello there,

Source code is

while (fgets(temp, 1024, fp)) {

but

char *token_array[8], temp[512];

Use of compiler flag -D_FORTIFY_SOURCE=2 would have found the problem. For example:

# include <stdio.h>

extern void g( int);

void f( FILE * fp) { char buf[ 100];

while (fgets( buf, 200, fp) != 0) { g( 1); } }

gives

$ /home/dcb/gcc/results/bin/gcc -c -g -O2 -D_FORTIFY_SOURCE=2 apr13c.cc In file included from /usr/include/stdio.h:867, from apr13c.cc:2: In function 'char* fgets(char*, int, FILE*)', inlined from 'void f(FILE*)' at apr13c.cc:11:14: /usr/include/bits/stdio2.h:263:26: warning: call to '__fgets_chk_warn' declared with attribute warning: fgets called with bigger size than length of destination buffer [-Wattribute-warning]

I suggest switch on compiler flag -D_FORTIFY_SOURCE=2 in all development builds.

Thank you very much for catching this David.

Sai: could you include this fix in your upcoming series of fixes? Using the pattern of "fgets(buf, sizeof(buf), ...)" instead of hard coding the size should be helpful here.

Reinette: Sure! I will include this fix. Just FYI, I did notice this and have fixed it in V1 patches that I sent out earlier.

David: Thanks for bringing this up. I wasn't aware of the gcc flag you had mentioned. I will add it.

Regards, Sai