From: Yan, Zheng <zyan@redhat.com>
Date: Wed, 15 Feb 2017 03:45:26 +0000 (+0800)
Subject: test/libcephfs: avoid buffer overflow when testing ceph_getdents()
X-Git-Tag: v10.2.8~33^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=63f41d543f8a5f1f55a12612d39c6a2a1cf9c114;p=ceph.git

test/libcephfs: avoid buffer overflow when testing ceph_getdents()

The buffer size should be at least "2 * sizeof(struct dirent)".
Otherwise, the code that checks dentry '..' overflow.

Fixes: http://tracker.ceph.com/issues/18941
Signed-off-by: "Yan, Zheng" <zyan@redhat.com>
(cherry picked from commit fa6671345b8f3a82dcd232f99e55a982b0a641f1)
---

diff --git a/src/test/libcephfs/test.cc b/src/test/libcephfs/test.cc
index 42b02f11d7b..df7db20a70c 100644
--- a/src/test/libcephfs/test.cc
+++ b/src/test/libcephfs/test.cc
@@ -361,7 +361,7 @@ TEST(LibCephFS, DirLs) {
 
   // test getdents
   struct dirent *getdents_entries;
-  getdents_entries = (struct dirent *)malloc(r * sizeof(*getdents_entries));
+  getdents_entries = (struct dirent *)malloc((r + 2) * sizeof(*getdents_entries));
 
   int count = 0;
   std::vector<std::string> found;