* src/shred.c (fillpattern): Fix the "off by one" issue when
testing whether we have enough space to copy the already
written portion of the buffer to the remainder of the buffer.
Specifically for buffer sizes that are (3*(2^x))+1, i.e. 7,13,...
we both use an uninitialized byte and invoke undefined
behavior in memcpy() operation on overlapping memory regions.
* tests/misc/shred-passes.sh: Add an invocation that will
trigger either valgrind UMR, or ASAN like:
ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges
#1 0x403065 in fillpattern src/shred.c:293
A direct test is awkward due to the random writes surrounding
the problematic pattern writes.
Fixes http://bugs.gnu.org/26545
r[0] = (bits >> 4) & 255;
r[1] = (bits >> 8) & 255;
r[2] = bits & 255;
- for (i = 3; i < size / 2; i *= 2)
+ for (i = 3; i <= size / 2; i *= 2)
memcpy (r + i, r, i);
if (i < size)
memcpy (r + i, r, size - i);
shred -v -u -n20 -s4096 --random-source=Us f 2>out || fail=1
compare exp out || fail=1
+# Trigger an issue in shred before v8.27 where single
+# bytes in the pattern space were not initialized correctly
+# for particular sizes, like 7,13,...
+# This failed under both valgrind and ASAN.
+for size in 1 2 6 7 8; do
+ touch shred.pattern.umr.size
+ shred -n4 -s$size shred.pattern.umr.size || fail=1
+done
Exit $fail
projects / thirdparty / coreutils.git / commitdiff
