From 68220b5c429e0205f5f73758ce4b078696dc5388 Mon Sep 17 00:00:00 2001 From: Jakub Czapiga Date: Wed, 24 Feb 2021 12:12:22 +0100 Subject: [PATCH] tests/lib/memchr-test: Fix possible memory overrun, add non-null checks Three calls to memchr() had incorrect length values which could lead to memory overrun. Add non-null checks to ensure correct return values from memchr() Signed-off-by: Jakub Czapiga Change-Id: Ief7b7e2ecb9b5d2e05e6983d92d02fa00935b392 Reviewed-on: https://review.coreboot.org/c/coreboot/+/51054 Tested-by: build bot (Jenkins) Reviewed-by: Paul Fagerburg --- tests/lib/memchr-test.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/tests/lib/memchr-test.c b/tests/lib/memchr-test.c index 4a093c2ea9..9762b9a7e4 100644 --- a/tests/lib/memchr-test.c +++ b/tests/lib/memchr-test.c @@ -47,7 +47,7 @@ static void test_memchr_existing_value(void **state) { /* Test using character string */ void *v1 = memchr(test_data1, 'A', test_data1_sz); - void *v2 = memchr(test_data1 + 26, 'A', test_data1_sz - 10); + void *v2 = memchr(test_data1 + 26, 'A', test_data1_sz - 26); assert_non_null(v1); assert_non_null(v2); @@ -67,13 +67,17 @@ static void test_memchr_existing_value(void **state) static void test_memchr_last_character_in_string(void **state) { void *v1 = memchr(test_data1, '9', test_data1_sz); - void *v2 = memchr(&test_data1[test_data1_sz - 2], '9', test_data1_sz); + void *v2 = memchr(&test_data1[test_data1_sz - 2], '9', 2); void *v3 = memchr(test_data2, 0xff, test_data2_sz); - void *v4 = memchr(&test_data2[test_data2_sz - 1], 0xff, test_data2_sz); + void *v4 = memchr(&test_data2[test_data2_sz - 1], 0xff, 1); + assert_non_null(v1); + assert_non_null(v2); assert_ptr_equal(v1, v2); assert_ptr_equal(v1, &test_data1[test_data1_sz - 2]); + assert_non_null(v3); + assert_non_null(v4); assert_ptr_equal(v3, v4); assert_ptr_equal(v3, &test_data2[test_data2_sz - 1]); }