authorPádraig Brady <P@draigBrady.com>2015-07-07 01:46:54 +0100
committerPádraig Brady <P@draigBrady.com>2015-07-07 03:26:58 +0100
commit5e5d454037df549cc914f45891957181aa3b0a45 (patch)
treec38655200dc8b738328205b4326f2e129d6b89b1 /src/shred.c
parentc5ff0d989ffbb16273776092a10553108f269d85 (diff)
downloadcoreutils-5e5d454037df549cc914f45891957181aa3b0a45.tar.xz
shred: fix pattern selection for certain iteration counts
This was detected in about 25% of runs with gcc -fsanitize=address ERROR: AddressSanitizer: global-buffer-overflow on address ... READ of size 4 at 0x000000416628 thread T0 #0 0x40479f in genpattern src/shred.c:782 #1 0x4050d9 in do_wipefd src/shred.c:921 #2 0x406203 in wipefile src/shred.c:1175 #3 0x406b84 in main src/shred.c:1316 #4 0x7f3454a1ef9f in __libc_start_main (/lib64/libc.so.6+0x1ff9f) #5 0x4025d8 (/tmp/coreutils-8.23/src/shred+0x4025d8) 0x000000416628 is located 56 bytes to the left of global variable '*.LC49' from 'src/shred.c' (0x416660) of size 17 0x000000416628 is located 12 bytes to the right of global variable 'patterns' from 'src/shred.c' (0x416540) of size 220 SUMMARY: AddressSanitizer: global-buffer-overflow src/shred.c:782 * src/shred.c (gen_patterns): Restrict pattern selection to the K available, which regressed due to v5.92-1462-g65533e1. * tests/misc/shred-passes.sh: Add a deterministic test case. * NEWS: Mention the bug fix. Fixes http://bugs.gnu.org/20998
Diffstat (limited to 'src/shred.c')
-rw-r--r--src/shred.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/shred.c b/src/shred.c
index 63bcd6fc5..52c93ef61 100644
--- a/src/shred.c
+++ b/src/shred.c
@@ -712,7 +712,7 @@ static int const
12, 0x111, 0x222, 0x333, 0x444, 0x666, 0x777,
0x888, 0x999, 0xBBB, 0xCCC, 0xDDD, 0xEEE, /* 4-bit */
-1, /* 1 random pass */
- /* The following patterns have the frst bit per block flipped */
+ /* The following patterns have the first bit per block flipped */
8, 0x1000, 0x1249, 0x1492, 0x16DB, 0x1924, 0x1B6D, 0x1DB6, 0x1FFF,
14, 0x1111, 0x1222, 0x1333, 0x1444, 0x1555, 0x1666, 0x1777,
0x1888, 0x1999, 0x1AAA, 0x1BBB, 0x1CCC, 0x1DDD, 0x1EEE,
@@ -776,7 +776,7 @@ genpattern (int *dest, size_t num, struct randint_source *s)
break;
}
else
- { /* Pad out with k of the n available */
+ { /* Pad out with n of the k available */
do
{
if (n == (size_t) k || randint_choose (s, k) < n)
@@ -785,6 +785,7 @@ genpattern (int *dest, size_t num, struct randint_source *s)
n--;
}
p++;
+ k--;
}
while (n);
break;
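Review bot: The bound that keeps `p` inside the current pattern group is still implicit in this loop and deserves a comment next to the added `k--;`. `p++` runs on every iteration and the loop ends only when `n` reaches zero, so the only thing stopping `p` from walking past the group is the `n == (size_t) k` test forcing selection once the entries left equal the entries still needed. That holds only if `n <= k` on entry, which is presumably guaranteed by the preceding branch outside this hunk. I would add above the `do` something like `/* Invariant: n <= k, where k counts the patterns left in this group, so p never passes its end. */`. If assertions are already used in this file, `assert (n <= (size_t) k);` at the top of the loop body would catch a future regression without needing a sanitizer run.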