From: Yan, Zheng <zyan@redhat.com>
Date: Wed, 15 Feb 2017 03:45:26 +0000 (+0800)
Subject: test/libcephfs: avoid buffer overflow when testing ceph_getdents()
X-Git-Tag: v11.2.1~136^2
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=473ad4ea2a35c74d89605b5579a4ff3866134c2d;p=ceph.git

test/libcephfs: avoid buffer overflow when testing ceph_getdents()

The buffer size should be at least "2 * sizeof(struct dirent)".
Otherwise, the code that checks dentry '..' overflow.

Fixes: http://tracker.ceph.com/issues/18941
Signed-off-by: "Yan, Zheng" <zyan@redhat.com>
(cherry picked from commit fa6671345b8f3a82dcd232f99e55a982b0a641f1)
---

diff --git a/src/test/libcephfs/test.cc b/src/test/libcephfs/test.cc
index e2864f8e964cc..283d46ff25651 100644
--- a/src/test/libcephfs/test.cc
+++ b/src/test/libcephfs/test.cc
@@ -362,7 +362,7 @@ TEST(LibCephFS, DirLs) {
 
   // test getdents
   struct dirent *getdents_entries;
-  getdents_entries = (struct dirent *)malloc(r * sizeof(*getdents_entries));
+  getdents_entries = (struct dirent *)malloc((r + 2) * sizeof(*getdents_entries));
 
   int count = 0;
   std::vector<std::string> found;