mirror of
https://sourceware.org/git/glibc.git
synced 2025-10-30 10:45:40 +03:00
a5357b7ce2
A larger number of format specifiers coudld cause a stack overflow, potentially allowing to bypass _FORTIFY_SOURCE format string protection.
51 lines
1.2 KiB
C
51 lines
1.2 KiB
C
#include <stdio.h>
|
|
#include <string.h>
|
|
#include <stdlib.h>
|
|
|
|
int
|
|
do_test (void)
|
|
{
|
|
size_t instances = 16384;
|
|
#define X0 "\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d"
|
|
const char *item = "\na\nabbcd55";
|
|
#define X3 X0 X0 X0 X0 X0 X0 X0 X0
|
|
#define X6 X3 X3 X3 X3 X3 X3 X3 X3
|
|
#define X9 X6 X6 X6 X6 X6 X6 X6 X6
|
|
#define X12 X9 X9 X9 X9 X9 X9 X9 X9
|
|
#define X14 X12 X12 X12 X12
|
|
#define TRAILER "%%%%%%%%%%%%%%%%%%%%%%%%%%"
|
|
#define TRAILER2 TRAILER TRAILER
|
|
size_t length = instances * strlen (item) + strlen (TRAILER) + 1;
|
|
|
|
char *buf = malloc (length + 1);
|
|
snprintf (buf, length + 1,
|
|
X14 TRAILER2 "\n",
|
|
"a", "b", "c", "d", 5);
|
|
|
|
const char *p = buf;
|
|
size_t i;
|
|
for (i = 0; i < instances; ++i)
|
|
{
|
|
const char *expected;
|
|
for (expected = item; *expected; ++expected)
|
|
{
|
|
if (*p != *expected)
|
|
{
|
|
printf ("mismatch at offset %zu (%zu): expected %d, got %d\n",
|
|
(size_t) (p - buf), i, *expected & 0xFF, *p & 0xFF);
|
|
return 1;
|
|
}
|
|
++p;
|
|
}
|
|
}
|
|
if (strcmp (p, TRAILER "\n") != 0)
|
|
{
|
|
printf ("mismatch at trailer: [%s]\n", p);
|
|
return 1;
|
|
}
|
|
free (buf);
|
|
return 0;
|
|
}
|
|
#define TEST_FUNCTION do_test ()
|
|
#include "../test-skeleton.c"
|