From 834dfd72c56eafd1c0f516019a0c8f198ae8c5a5 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani
Date: Mon, 8 Apr 2019 17:38:16 +0200
Subject: [PATCH] libnm-core: fix wrong memory access in tests
==16725==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000005a159f at pc 0x00000046fc1b bp 0x7fff6038f900 sp 0x7fff6038f8f0
READ of size 1 at 0x0000005a159f thread T0
#0 0x46fc1a in _do_test_unescape_spaces libnm-core/tests/test-general.c:7791
#1 0x46fe5b in test_nm_utils_unescape_spaces libnm-core/tests/test-general.c:7810
#2 0x7f4ac5fe7fc9 in test_case_run gtestutils.c:2318
#3 0x7f4ac5fe7fc9 in g_test_run_suite_internal gtestutils.c:2403
#4 0x7f4ac5fe7e83 in g_test_run_suite_internal gtestutils.c:2415
#5 0x7f4ac5fe7e83 in g_test_run_suite_internal gtestutils.c:2415
#6 0x7f4ac5fe8281 in g_test_run_suite gtestutils.c:2490
#7 0x7f4ac5fe82a4 in g_test_run (/lib64/libglib-2.0.so.0+0x772a4)
#8 0x48240d in main libnm-core/tests/test-general.c:7994
#9 0x7f4ac5dc9412 in __libc_start_main (/lib64/libc.so.6+0x24412)
#10 0x423ffd in _start (/home/bgalvani/work/NetworkManager/libnm-core/tests/test-general+0x423ffd)
0x0000005a159f is located 49 bytes to the right of global variable '*.LC370' defined in 'libnm-core/tests/test-general.c' (0x5a1560) of size 14
'*.LC370' is ascii string 'nick-5, green'
0x0000005a159f is located 1 bytes to the left of global variable '*.LC371' defined in 'libnm-core/tests/test-general.c' (0x5a15a0) of size 1
'*.LC371' is ascii string ''
SUMMARY: AddressSanitizer: global-buffer-overflow libnm-core/tests/test-general.c:7791 in _do_test_unescape_spaces
---
libnm-core/tests/test-general.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libnm-core/tests/test-general.c b/libnm-core/tests/test-general.c
index 175b48b505..f6bbd626c3 100644
--- a/libnm-core/tests/test-general.c
+++ b/libnm-core/tests/test-general.c
@@ -8075,7 +8075,7 @@ _do_test_unescape_spaces (const char *in, const char *out)
 gboolean append = nmtst_get_rand_bool ();
 char ch = nmtst_rand_select (' ', '\t');
- if (append && out[strlen (out) - 1] == '\\')
+ if (append && out[0] && out[strlen (out) - 1] == '\\')
 append = FALSE;
 g_string_insert_c (str_in, append ? -1 : 0, ch);
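Review bot: The changed condition still indexes with `out[strlen (out) - 1]`, so its safety rests entirely on the `out[0]` test placed before it; with an empty `out` the unsigned length minus one lands one byte before the string, which matches the read the sanitizer reported. GLib's suffix helper expresses the same test without index arithmetic and returns FALSE for an empty string: `if (append && g_str_has_suffix (out, "\\"))`. A short comment such as `/* don't append whitespace after a trailing backslash */` would also help the next reader, though the reason is inferred here because the rest of `_do_test_unescape_spaces` lies outside the hunk.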