diff options
author | Kevin Adler <kadler@us.ibm.com> | 2020-11-13 21:35:06 (GMT) |
---|---|---|
committer | Kevin Adler <kadler@us.ibm.com> | 2020-11-13 23:02:55 (GMT) |
commit | a8ad5332894e5276e837b90d378a097024dcfad1 (patch) | |
tree | f1b66863d435127a6397ca4459c2a083b4d8ba6c /src | |
parent | 3094b5c289b418b31e63ad2e7f52a38cf64e3dfc (diff) | |
download | Ninja-a8ad5332894e5276e837b90d378a097024dcfad1.zip Ninja-a8ad5332894e5276e837b90d378a097024dcfad1.tar.gz Ninja-a8ad5332894e5276e837b90d378a097024dcfad1.tar.bz2 |
Fix buffer overread in hash_collision_benchmark.cc
The randomly generated command strings are not null-terminated and
implicitly converted to StringPiece objects, which will use strlen to
determine how long the passed `char*` is. Without the null terminator,
this results in undefined behavior and regularly causes crashes on AIX.
Diffstat (limited to 'src')
-rw-r--r-- | src/hash_collision_bench.cc | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/hash_collision_bench.cc b/src/hash_collision_bench.cc index 52ff56d..8f37ed0 100644 --- a/src/hash_collision_bench.cc +++ b/src/hash_collision_bench.cc @@ -27,9 +27,10 @@ int random(int low, int high) { void RandomCommand(char** s) { int len = random(5, 100); - *s = new char[len]; + *s = new char[len+1]; for (int i = 0; i < len; ++i) (*s)[i] = (char)random(32, 127); + (*s)[len] = '\0'; } int main() { |