From a8ad5332894e5276e837b90d378a097024dcfad1 Mon Sep 17 00:00:00 2001
From: Kevin Adler
Date: Fri, 13 Nov 2020 15:35:06 -0600
Subject: Fix buffer overread in hash_collision_benchmark.cc

The randomly generated command strings are not null-terminated and implicitly converted to StringPiece objects, which will use strlen to determine how long the passed `char*` is. Without the null terminator, this results in undefined behavior and regularly causes crashes on AIX.
---
 src/hash_collision_bench.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/hash_collision_bench.cc b/src/hash_collision_bench.cc
index 52ff56d..8f37ed0 100644
--- a/src/hash_collision_bench.cc
+++ b/src/hash_collision_bench.cc
@@ -27,9 +27,10 @@ int random(int low, int high) {

 void RandomCommand(char** s) {
 int len = random(5, 100);
- *s = new char[len];
+ *s = new char[len+1];
 for (int i = 0; i < len; ++i)
 (*s)[i] = (char)random(32, 127);
+ (*s)[len] = '\0';
 }

 int main() {
-- 
cgit v0.12
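Review bot: RandomCommand still returns a raw `new char[]` buffer whose size and termination contract is only implied by the body, so a later change to the length arithmetic could reintroduce the over-read this commit fixes. A comment above the function would pin the contract down, for example `// Allocates len+1 bytes and NUL-terminates *s; the caller presumably owns the buffer (delete[]).` The commit message says the callers rely on an implicit `char*` to StringPiece conversion that measures the string with strlen, so returning a `std::string` or passing the length explicitly would remove the dependence on the terminator; the call sites are outside the hunk, so this needs checking against them. Running the benchmark under AddressSanitizer would catch a regression of this kind on platforms where the over-read does not crash.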