From 5e5d454037df549cc914f45891957181aa3b0a45 Mon Sep 17 00:00:00 2001 From: Pádraig Brady Date: Tue, 7 Jul 2015 01:46:54 +0100 Subject: shred: fix pattern selection for certain iteration counts This was detected in about 25% of runs with gcc -fsanitize=address ERROR: AddressSanitizer: global-buffer-overflow on address ... READ of size 4 at 0x000000416628 thread T0 #0 0x40479f in genpattern src/shred.c:782 #1 0x4050d9 in do_wipefd src/shred.c:921 #2 0x406203 in wipefile src/shred.c:1175 #3 0x406b84 in main src/shred.c:1316 #4 0x7f3454a1ef9f in __libc_start_main (/lib64/libc.so.6+0x1ff9f) #5 0x4025d8 (/tmp/coreutils-8.23/src/shred+0x4025d8) 0x000000416628 is located 56 bytes to the left of global variable '*.LC49' from 'src/shred.c' (0x416660) of size 17 0x000000416628 is located 12 bytes to the right of global variable 'patterns' from 'src/shred.c' (0x416540) of size 220 SUMMARY: AddressSanitizer: global-buffer-overflow src/shred.c:782 * src/shred.c (gen_patterns): Restrict pattern selection to the K available, which regressed due to v5.92-1462-g65533e1. * tests/misc/shred-passes.sh: Add a deterministic test case. * NEWS: Mention the bug fix. Fixes http://bugs.gnu.org/20998 --- tests/misc/shred-passes.sh | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) (limited to 'tests/misc') diff --git a/tests/misc/shred-passes.sh b/tests/misc/shred-passes.sh index 0fa63be2f..64216fd8a 100755 --- a/tests/misc/shred-passes.sh +++ b/tests/misc/shred-passes.sh @@ -32,9 +32,9 @@ shred: f: renamed to 0 shred: f: removed" > exp || framework_failure_ shred -v -u f 2>out || fail=1 - compare exp out || fail=1 + # Likewise but for a zero length file # to bypass the data passes touch f || framework_failure_ @@ -44,7 +44,39 @@ shred: f: renamed to 0 shred: f: removed" > exp || framework_failure_ shred -v -u f 2>out || fail=1 +compare exp out || fail=1 + + +# shred data 20 times and verify the passes used. +# This would consume all random data between 5.93 and 8.24 inclusive. +dd bs=100K count=1 if=/dev/zero | tr '\0' 'U' > Us || framework_failure_ +printf 1 > f || framework_failure_ +echo "\ +shred: f: pass 1/20 (random)... +shred: f: pass 2/20 (ffffff)... +shred: f: pass 3/20 (924924)... +shred: f: pass 4/20 (888888)... +shred: f: pass 5/20 (db6db6)... +shred: f: pass 6/20 (777777)... +shred: f: pass 7/20 (492492)... +shred: f: pass 8/20 (bbbbbb)... +shred: f: pass 9/20 (555555)... +shred: f: pass 10/20 (aaaaaa)... +shred: f: pass 11/20 (random)... +shred: f: pass 12/20 (6db6db)... +shred: f: pass 13/20 (249249)... +shred: f: pass 14/20 (999999)... +shred: f: pass 15/20 (111111)... +shred: f: pass 16/20 (000000)... +shred: f: pass 17/20 (b6db6d)... +shred: f: pass 18/20 (eeeeee)... +shred: f: pass 19/20 (333333)... +shred: f: pass 20/20 (random)... +shred: f: removing +shred: f: renamed to 0 +shred: f: removed" > exp || framework_failure_ +shred -v -u -n20 --random-source=Us f 2>out || fail=1 compare exp out || fail=1 -- cgit v1.2.3-70-g09d2