From a8ad5332894e5276e837b90d378a097024dcfad1 Mon Sep 17 00:00:00 2001
From: Kevin Adler <kadler@us.ibm.com>
Date: Fri, 13 Nov 2020 15:35:06 -0600
Subject: Fix buffer overread in hash_collision_benchmark.cc

The randomly generated command strings are not null-terminated and
implicitly converted to StringPiece objects, which will use strlen to
determine how long the passed `char*` is. Without the null terminator,
this results in undefined behavior and regularly causes crashes on AIX.
---
 src/hash_collision_bench.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/hash_collision_bench.cc b/src/hash_collision_bench.cc
index 52ff56d..8f37ed0 100644
--- a/src/hash_collision_bench.cc
+++ b/src/hash_collision_bench.cc
@@ -27,9 +27,10 @@ int random(int low, int high) {
 
 void RandomCommand(char** s) {
   int len = random(5, 100);
-  *s = new char[len];
+  *s = new char[len+1];
   for (int i = 0; i < len; ++i)
     (*s)[i] = (char)random(32, 127);
+  (*s)[len] = '\0';
 }
 
 int main() {
-- 
cgit v0.12