From 8c1a84778bb05a3becc493698b215681bf7249b3 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Sat, 19 Sep 2020 08:00:00 +0000 Subject: [PATCH 160/162] tests: disable shmctl IPC_STAT test with a bogus address on glibc >= 2.32 Starting with commit glibc-2.32~80, on every 32-bit architecture where 32-bit time_t support is enabled, glibc tries to retrieve the data provided in the third argument of shmctl call. This results to segfaults inside glibc when shmctl is called with a bogus address. * tests/ipc_shm.c [GLIBC_PREREQ_GE(2, 32) && __TIMESIZE != 64] (TEST_SHMCTL_BOGUS_ADDR): Define to 0. (main): Conditionalize on TEST_SHMCTL_BOGUS_ADDR the shmctl IPC_STAT invocation with a bogus address. --- tests/ipc_shm.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tests/ipc_shm.c b/tests/ipc_shm.c index 5cd414e..695fd94 100644 --- a/tests/ipc_shm.c +++ b/tests/ipc_shm.c @@ -73,6 +73,21 @@ # define str_bogus_cmd "0xdefaced2 /\\* SHM_\\?\\?\\? \\*/" #endif +#undef TEST_SHMCTL_BOGUS_ADDR + +/* + * Starting with commit glibc-2.32~80, on every 32-bit architecture + * where 32-bit time_t support is enabled, glibc tries to retrieve + * the data provided in the third argument of shmctl call. + */ +#if GLIBC_PREREQ_GE(2, 32) && defined __TIMESIZE && __TIMESIZE != 64 +# define TEST_SHMCTL_BOGUS_ADDR 0 +#endif + +#ifndef TEST_SHMCTL_BOGUS_ADDR +# define TEST_SHMCTL_BOGUS_ADDR 1 +#endif + static int id = -1; static void @@ -92,7 +107,9 @@ main(void) static const key_t bogus_key = (key_t) 0xeca86420fdb97531ULL; static const int bogus_id = 0xdefaced1; static const int bogus_cmd = 0xdefaced2; +#if TEST_SHMCTL_BOGUS_ADDR static void * const bogus_addr = (void *) -1L; +#endif static const size_t bogus_size = /* * musl sets size to SIZE_MAX if size argument is greater than @@ -160,10 +177,12 @@ main(void) printf("shmctl\\(%d, (%s\\|)?%s, NULL\\) = %s\n", bogus_id, str_ipc_64, str_bogus_cmd, sprintrc_grep(rc)); +#if TEST_SHMCTL_BOGUS_ADDR rc = shmctl(bogus_id, IPC_STAT, bogus_addr); printf("shmctl\\(%d, (%s\\|)?%s, %p\\) = %s\n", bogus_id, str_ipc_64, str_ipc_stat, bogus_addr, sprintrc_grep(rc)); +#endif if (shmctl(id, IPC_STAT, &ds)) perror_msg_and_skip("shmctl IPC_STAT"); diff --git a/tests-m32/ipc_shm.c b/tests-m32/ipc_shm.c index 5cd414e..695fd94 100644 --- a/tests-m32/ipc_shm.c +++ b/tests-m32/ipc_shm.c @@ -73,6 +73,21 @@ # define str_bogus_cmd "0xdefaced2 /\\* SHM_\\?\\?\\? \\*/" #endif +#undef TEST_SHMCTL_BOGUS_ADDR + +/* + * Starting with commit glibc-2.32~80, on every 32-bit architecture + * where 32-bit time_t support is enabled, glibc tries to retrieve + * the data provided in the third argument of shmctl call. + */ +#if GLIBC_PREREQ_GE(2, 32) && defined __TIMESIZE && __TIMESIZE != 64 +# define TEST_SHMCTL_BOGUS_ADDR 0 +#endif + +#ifndef TEST_SHMCTL_BOGUS_ADDR +# define TEST_SHMCTL_BOGUS_ADDR 1 +#endif + static int id = -1; static void @@ -92,7 +107,9 @@ main(void) static const key_t bogus_key = (key_t) 0xeca86420fdb97531ULL; static const int bogus_id = 0xdefaced1; static const int bogus_cmd = 0xdefaced2; +#if TEST_SHMCTL_BOGUS_ADDR static void * const bogus_addr = (void *) -1L; +#endif static const size_t bogus_size = /* * musl sets size to SIZE_MAX if size argument is greater than @@ -160,10 +177,12 @@ main(void) printf("shmctl\\(%d, (%s\\|)?%s, NULL\\) = %s\n", bogus_id, str_ipc_64, str_bogus_cmd, sprintrc_grep(rc)); +#if TEST_SHMCTL_BOGUS_ADDR rc = shmctl(bogus_id, IPC_STAT, bogus_addr); printf("shmctl\\(%d, (%s\\|)?%s, %p\\) = %s\n", bogus_id, str_ipc_64, str_ipc_stat, bogus_addr, sprintrc_grep(rc)); +#endif if (shmctl(id, IPC_STAT, &ds)) perror_msg_and_skip("shmctl IPC_STAT"); diff --git a/tests-mx32/ipc_shm.c b/tests-mx32/ipc_shm.c index 5cd414e..695fd94 100644 --- a/tests-mx32/ipc_shm.c +++ b/tests-mx32/ipc_shm.c @@ -73,6 +73,21 @@ # define str_bogus_cmd "0xdefaced2 /\\* SHM_\\?\\?\\? \\*/" #endif +#undef TEST_SHMCTL_BOGUS_ADDR + +/* + * Starting with commit glibc-2.32~80, on every 32-bit architecture + * where 32-bit time_t support is enabled, glibc tries to retrieve + * the data provided in the third argument of shmctl call. + */ +#if GLIBC_PREREQ_GE(2, 32) && defined __TIMESIZE && __TIMESIZE != 64 +# define TEST_SHMCTL_BOGUS_ADDR 0 +#endif + +#ifndef TEST_SHMCTL_BOGUS_ADDR +# define TEST_SHMCTL_BOGUS_ADDR 1 +#endif + static int id = -1; static void @@ -92,7 +107,9 @@ main(void) static const key_t bogus_key = (key_t) 0xeca86420fdb97531ULL; static const int bogus_id = 0xdefaced1; static const int bogus_cmd = 0xdefaced2; +#if TEST_SHMCTL_BOGUS_ADDR static void * const bogus_addr = (void *) -1L; +#endif static const size_t bogus_size = /* * musl sets size to SIZE_MAX if size argument is greater than @@ -160,10 +177,12 @@ main(void) printf("shmctl\\(%d, (%s\\|)?%s, NULL\\) = %s\n", bogus_id, str_ipc_64, str_bogus_cmd, sprintrc_grep(rc)); +#if TEST_SHMCTL_BOGUS_ADDR rc = shmctl(bogus_id, IPC_STAT, bogus_addr); printf("shmctl\\(%d, (%s\\|)?%s, %p\\) = %s\n", bogus_id, str_ipc_64, str_ipc_stat, bogus_addr, sprintrc_grep(rc)); +#endif if (shmctl(id, IPC_STAT, &ds)) perror_msg_and_skip("shmctl IPC_STAT"); -- 2.1.4