From 4ea2dedd502e2b4bfa8a47f2aaaaac4eab01e00d Mon Sep 17 00:00:00 2001
From: David Laight
Date: Mon, 2 Mar 2026 10:17:58 +0000
Subject: selftests/nolibc: Check that snprintf() doesn't write beyond the buffer end
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fill buf[] with known data and check the vsnprintf() doesn't write beyond the specified buffer length. Would have picked up the bug in field padding.

Signed-off-by: David Laight
Acked-by: Willy Tarreau
Link: https://patch.msgid.link/20260302101815.3043-7-david.laight.linux@gmail.com
Signed-off-by: Thomas Weißschuh
---
 tools/testing/selftests/nolibc/nolibc-test.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/tools/testing/selftests/nolibc/nolibc-test.c b/tools/testing/selftests/nolibc/nolibc-test.c
index 154cc5711a4c..5dc0edfe8d9a 100644
--- a/tools/testing/selftests/nolibc/nolibc-test.c
+++ b/tools/testing/selftests/nolibc/nolibc-test.c
@@ -1679,6 +1679,10 @@ static int expect_vfprintf(int llen, const char *expected, const char *fmt, ...)
 va_list args;
 ssize_t w, expected_len;
 
+ /* Fill and terminate buf[] to check for overlong/absent writes */
+ memset(buf, 0xa5, sizeof(buf) - 1);
+ buf[sizeof(buf) - 1] = 0;
+
 va_start(args, fmt);
 /* Limit buffer length to test truncation */
 w = vsnprintf(buf, VFPRINTF_LEN + 1, fmt, args);
@@ -1710,6 +1714,15 @@ static int expect_vfprintf(int llen, const char *expected, const char *fmt, ...)
 return 1;
 }
 
+ /* Check for any overwrites after the actual data. */
+ while (++cmp_len < sizeof(buf) - 1) {
+ if ((unsigned char)buf[cmp_len] != 0xa5) {
+ llen += printf(" overwrote buf[%d] with 0x%x", cmp_len, buf[cmp_len]);
+ result(llen, FAIL);
+ return 1;
+ }
+ }
+
 result(llen, OK);
 return 0;
 }
-- 
cgit v1.2.3
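Review bot: The fill value `0xa5` is a bare literal in the `memset()` here and again in the comparison in the second hunk, so the fill and the check can drift apart if one is edited. A single named constant used in both places (for example a `#define` beside the `buf` declaration, which is outside this hunk) would keep them in step. The comment could also state the limits of the check: the final byte is set to 0 and the later scan stops at `sizeof(buf) - 1`, so a write landing on `buf[sizeof(buf) - 1]` or beyond the array is not reported. Something like `/* Only detects stray writes inside buf[]; the last byte is a terminator and is not scanned */` would make that explicit. expect_vfprintf() starts before this hunk and continues past it.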
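Review bot: The failure message passes `buf[cmp_len]` to `%x` without the `(unsigned char)` cast that the comparison on the previous line applies. Where plain `char` is signed, an overwriting byte of 0x80 or above is promoted to a negative int and printed as `0xffffffXX`, which obscures the value that landed in the guard area. I would write `llen += printf(" overwrote buf[%d] with 0x%x", cmp_len, (unsigned char)buf[cmp_len]);`. If `cmp_len` is declared unsigned (its declaration is outside the hunk), `%u` would also match it better than `%d`. The pre-increment in `while (++cmp_len < sizeof(buf) - 1)` skips the byte at the incoming `cmp_len`, presumably the terminator already checked earlier in the function, and a short comment saying so would help the next reader.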