aboutsummaryrefslogtreecommitdiff
path: root/posix/tst-fnmatch3.c
diff options
context:
space:
mode:
authorPaul Pluzhnikov <ppluzhnikov@google.com>2015-03-02 13:34:22 -0800
committerPaul Pluzhnikov <ppluzhnikov@google.com>2015-03-02 13:34:22 -0800
commitc2c6d39fab901c97c18fa3a3a3658d9dc3f7df61 (patch)
tree43cf2e4e4f302d8bf0a841d8e06ab510b4e4aea7 /posix/tst-fnmatch3.c
parente8b6be0016f131c2ac72bf3213eabdb59800e63b (diff)
downloadglibc-c2c6d39fab901c97c18fa3a3a3658d9dc3f7df61.zip
glibc-c2c6d39fab901c97c18fa3a3a3658d9dc3f7df61.tar.gz
glibc-c2c6d39fab901c97c18fa3a3a3658d9dc3f7df61.tar.bz2
Fix BZ 18036 buffer overflow (read past end of buffer) in internal_fnmatch
Diffstat (limited to 'posix/tst-fnmatch3.c')
-rw-r--r--posix/tst-fnmatch3.c22
1 files changed, 21 insertions, 1 deletions
diff --git a/posix/tst-fnmatch3.c b/posix/tst-fnmatch3.c
index 75bc00a..fdf9934 100644
--- a/posix/tst-fnmatch3.c
+++ b/posix/tst-fnmatch3.c
@@ -17,6 +17,26 @@
<http://www.gnu.org/licenses/>. */
#include <fnmatch.h>
+#include <sys/mman.h>
+#include <string.h>
+#include <unistd.h>
+
+int
+do_bz18036 (void)
+{
+ const char p[] = "**(!()";
+ const int pagesize = getpagesize ();
+
+ char *pattern = mmap (0, 2 * pagesize, PROT_READ|PROT_WRITE,
+ MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
+ if (pattern == MAP_FAILED) return 1;
+
+ mprotect (pattern + pagesize, pagesize, PROT_NONE);
+ memset (pattern, ' ', pagesize);
+ strcpy (pattern, p);
+
+ return fnmatch (pattern, p, FNM_EXTMATCH);
+}
int
do_test (void)
@@ -25,7 +45,7 @@ do_test (void)
return 1;
if (fnmatch ("[a[.\0.]]", "a", 0) != FNM_NOMATCH)
return 1;
- return 0;
+ return do_bz18036 ();
}
#define TEST_FUNCTION do_test ()
generated by cgit v1.1 at 2024-07-10 13:26:08 +0000