summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
authorPeter Hutterer <peter.hutterer@who-t.net>2013-02-14 16:31:13 +1000
committerKeith Packard <keithp@keithp.com>2013-02-14 11:01:21 -0800
commit9a35d4240e2aa91ac104f0f9f86f83ff9a2d3d04 (patch)
tree5bb541b3108b9718cc1eee52d50aa0a0c012ea23 /test
parent955d434f4d755d00a24ae4068b9957765989d672 (diff)
os: fix pnprintf OOB buffer read for unterminated length modifiers
Format strings with length modifiers but missing format specifier like "%0" will read one byte past the array size. Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Reviewed-by: Keith Packard <keithp@keithp.com> Signed-off-by: Keith Packard <keithp@keithp.com>
Diffstat (limited to 'test')
-rw-r--r--test/signal-logging.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/test/signal-logging.c b/test/signal-logging.c
index 1ef17af2c..e0eb81006 100644
--- a/test/signal-logging.c
+++ b/test/signal-logging.c
@@ -199,6 +199,14 @@ static void logging_format(void)
read_log_msg(logmsg);
assert(strcmp(logmsg, "(EE) substituted string\n") == 0);
+ /* Invalid format */
+#warning Ignore compiler warning below "lacks type at end of format". This is intentional.
+ LogMessageVerbSigSafe(X_ERROR, -1, "%4", 4);
+ read_log_msg(logmsg);
+ assert(strcmp(logmsg, "(EE) ") == 0);
+ LogMessageVerbSigSafe(X_ERROR, -1, "\n");
+ fseek(f, 0, SEEK_END);
+
/* number substitution */
ui = 0;
do {