syscalls/msgstress01: Fix off by one in array access

metan-ucw · pevik · commit 0358f7a2788e · 2024-05-23T18:23:42.000+02:00
The size returned from recvmsg() is the size of the payload but the payload is defined as: struct { char len; char pbytes[99]; } data; So the lenght of the pbytes is actually one byte shorter than the size and we access one byte after the array in the comparsion. Better fix for this would be removal of the len from the data payload but since we are close to the release lets do the minimal fix now and do the cleanup after the release. Link: https://lore.kernel.org/ltp/20240523155932.26393-1-chrubis@suse.cz/ Reviewed-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Cyril Hrubis <chrubis@suse.cz>
diff --git a/testcases/kernel/syscalls/ipc/msgstress/msgstress01.c b/testcases/kernel/syscalls/ipc/msgstress/msgstress01.c
@@ -160,7 +160,7 @@ static void reader(const int id, const int pos)
 			return;
 		}
 
-		for (int i = 0; i < size; i++) {
+		for (int i = 0; i < msg_recv.data.len; i++) {
 			if (msg_recv.data.pbytes[i] != buff->msg.data.pbytes[i]) {
 				tst_res(TFAIL, "Received wrong data at index %d: %x != %x", i,
 					msg_recv.data.pbytes[i],

Original file line number	Diff line number	Diff line change
`@@ -160,7 +160,7 @@ static void reader(const int id, const int pos)`
`160`	`160`	`return;`
`161`	`161`	`}`
`162`	`162`
`163`		`- for (int i = 0; i < size; i++) {`
	`163`	`+ for (int i = 0; i < msg_recv.data.len; i++) {`
`164`	`164`	`if (msg_recv.data.pbytes[i] != buff->msg.data.pbytes[i]) {`
`165`	`165`	`tst_res(TFAIL, "Received wrong data at index %d: %x != %x", i,`
`166`	`166`	`msg_recv.data.pbytes[i],`