From: Raphael Moreira Zinsly Date: Fri, 21 Aug 2020 15:10:22 +0000 (-0300) Subject: string: test strncasecmp and strncpy near page boundaries X-Git-Tag: glibc-2.33~545 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5df6ebcf44fd89d429c1fee78c893e280a551ee8;p=thirdparty%2Fglibc.git string: test strncasecmp and strncpy near page boundaries Add tests to check if strings placed at page boundaries are handled correctly by strncasecmp and strncpy similar to tests for strncmp and strnlen. --- diff --git a/string/test-strncasecmp.c b/string/test-strncasecmp.c index 6a9c27beae9..502222ed1da 100644 --- a/string/test-strncasecmp.c +++ b/string/test-strncasecmp.c @@ -137,6 +137,48 @@ do_test (size_t align1, size_t align2, size_t n, size_t len, int max_char, do_one_test (impl, s1, s2, n, exp_result); } +static void +do_page_tests (void) +{ + char *s1, *s2; + int exp_result; + const size_t maxoffset = 64; + + s1 = (char *) buf1 + BUF1PAGES * page_size - maxoffset; + memset (s1, 'a', maxoffset - 1); + s1[maxoffset - 1] = '\0'; + + s2 = (char *) buf2 + page_size - maxoffset; + memset (s2, 'a', maxoffset - 1); + s2[maxoffset - 1] = '\0'; + + /* At this point s1 and s2 point to distinct memory regions containing + "aa..." with size of 63 plus '\0'. Also, both strings are bounded to a + page with read/write access and the next page is protected with PROT_NONE + (meaning that any access outside of the page regions will trigger an + invalid memory access). + + The loop checks for all possible offsets up to maxoffset for both + inputs with a size larger than the string (so memory access outside + the expected memory regions might trigger invalid access). */ + + for (size_t off1 = 0; off1 < maxoffset; off1++) + { + for (size_t off2 = 0; off2 < maxoffset; off2++) + { + exp_result = (off1 == off2) + ? 0 + : off1 < off2 + ? 'a' + : -'a'; + + FOR_EACH_IMPL (impl, 0) + check_result (impl, s1 + off1, s2 + off2, maxoffset + 1, + exp_result); + } + } +} + static void do_random_tests (void) { @@ -334,6 +376,7 @@ test_locale (const char *locale) } do_random_tests (); + do_page_tests (); } int diff --git a/string/test-strncpy.c b/string/test-strncpy.c index c978753ad89..e902c1764e2 100644 --- a/string/test-strncpy.c +++ b/string/test-strncpy.c @@ -155,6 +155,40 @@ do_test (size_t align1, size_t align2, size_t len, size_t n, int max_char) do_one_test (impl, s2, s1, len, n); } +static void +do_page_tests (void) +{ + CHAR *s1, *s2; + const size_t maxoffset = 64; + + /* Put s1 at the maxoffset from the edge of buf1's last page. */ + s1 = (CHAR *) buf1 + BUF1PAGES * page_size / sizeof(CHAR) - maxoffset; + /* s2 needs room to put a string with size of maxoffset + 1 at s2 + + (maxoffset - 1). */ + s2 = (CHAR *) buf2 + page_size / sizeof(CHAR) - maxoffset * 2; + + MEMSET (s1, 'a', maxoffset - 1); + s1[maxoffset - 1] = '\0'; + + /* Both strings are bounded to a page with read/write access and the next + page is protected with PROT_NONE (meaning that any access outside of the + page regions will trigger an invalid memory access). + + The loop copies the string s1 for all possible offsets up to maxoffset + for both inputs with a size larger than s1 (so memory access outside the + expected memory regions might trigger invalid access). */ + + for (size_t off1 = 0; off1 < maxoffset; off1++) + { + for (size_t off2 = 0; off2 < maxoffset; off2++) + { + FOR_EACH_IMPL (impl, 0) + do_one_test (impl, s2 + off2, s1 + off1, maxoffset - off1 - 1, + maxoffset + (maxoffset - off2)); + } + } +} + static void do_random_tests (void) { @@ -317,6 +351,7 @@ test_main (void) } do_random_tests (); + do_page_tests (); return ret; }