From patchwork Fri Jul 15 10:24:10 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 72090 Delivered-To: patches@linaro.org Received: by 10.140.29.52 with SMTP id a49csp537035qga; Fri, 15 Jul 2016 03:24:12 -0700 (PDT) X-Received: by 10.194.108.230 with SMTP id hn6mr13267wjb.67.1468578252182; Fri, 15 Jul 2016 03:24:12 -0700 (PDT) Return-Path: Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by mx.google.com with ESMTPS id y135si4531343wmd.74.2016.07.15.03.24.11 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 15 Jul 2016 03:24:12 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) client-ip=2001:8b0:1d0::2; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE dis=NONE) header.from=linaro.org Received: from pm215 by orth.archaic.org.uk with local (Exim 4.84_2) (envelope-from ) id 1bO0Hz-0000m9-CF; Fri, 15 Jul 2016 11:24:11 +0100 From: Peter Maydell To: ltp@lists.linux.it Cc: patches@linaro.org Subject: [PATCH] syscalls/read02: Don't pass invalid buffer to read when testing for bad fds Date: Fri, 15 Jul 2016 11:24:10 +0100 Message-Id: <1468578250-26463-1-git-send-email-peter.maydell@linaro.org> X-Mailer: git-send-email 1.9.1 The read02 testcases 1 and 2 are intended to check the handling of the read syscall with an invalid fd (should fail EBADF) and an fd which is a directory (should fail EISDIR). However a bug in the test code meant that it also passed a NULL pointer as the buffer argument, and so the test only succeeded because of the implementation detail that the kernel happens to check for the EBADF and EISDIR errors before it checks the buffer pointer validity for an EFAULT error. The 'buf' field in the test_case_t structure is supposed to be a pointer to the address of the buffer, but it was being initialised with the address of the buffer itself; fix this by adding the extra indirection via a new 'bufaddr' variable, so that the test is checking the condition it intends to and nothing more. Signed-off-by: Peter Maydell --- testcases/kernel/syscalls/read/read02.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) -- 1.9.1 diff --git a/testcases/kernel/syscalls/read/read02.c b/testcases/kernel/syscalls/read/read02.c index 1e0f83a..587b2ae 100644 --- a/testcases/kernel/syscalls/read/read02.c +++ b/testcases/kernel/syscalls/read/read02.c @@ -54,6 +54,7 @@ char *TCID = "read02"; static int badfd = -1; static int fd2, fd3, fd4 = -1; static char buf[BUFSIZ]; +static void *bufaddr = buf; static void *outside_buf = (void *)-1; static void *addr4; static void *addr5; @@ -66,8 +67,8 @@ static struct test_case_t { size_t count; int exp_error; } TC[] = { - {&badfd, (void **)&buf, 1, EBADF}, - {&fd2, (void **)&buf, 1, EISDIR}, + {&badfd, &bufaddr, 1, EBADF}, + {&fd2, &bufaddr, 1, EISDIR}, #ifndef UCLINUX {&fd3, &outside_buf, 1, EFAULT}, #endif