Hi,

In the test_driver_memcmp function, I found that buf1 and buf2 are not properly terminated with a null character.

In lib_strncmp, strcpy will be called with buf1 and buf2. The normal implementation of the strcpy function has a loop to copy characters from source to destination one by one until a null character is encountered. If the string is not properly terminated, this will cause strcpy to read/write memory beyond the boundary.

Here I changed the strcpy into strncpy to constrain the function to visit legal memory only.

Tested okay without any problem. Okay to commit?

Regards,
Renlin

gcc/testsuite/ChangeLog:

2017-08-30  Renlin Li  <renlin...@arm.com>

	* gcc.dg/memcmp-1.c (test_strncmp): Use strncpy instead of strcpy.

diff --git a/gcc/testsuite/gcc.dg/memcmp-1.c b/gcc/testsuite/gcc.dg/memcmp-1.c index 828a0ca..d258354 100644 --- a/gcc/testsuite/gcc.dg/memcmp-1.c +++ b/gcc/testsuite/gcc.dg/memcmp-1.c @@ -110,8 +110,8 @@ static void test_strncmp_ ## SZ ## _ ## ALIGN (const char *str1, const char *str { \ a = three+i*ALIGN+j*(4096-2*i*ALIGN); \ b = four+i*ALIGN+j*(4096-2*i*ALIGN); \ - strcpy(a,str1); \ - strcpy(b,str2); \ + strncpy(a,str1,SZ); \ + strncpy(b,str2,SZ); \ r = strncmp(a,b,SZ); \ if ( r < 0 && !(expect < 0) ) abort(); \ if ( r > 0 && !(expect > 0) ) abort(); \
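
Review bot: In the two added lines, SZ is the strncmp compare length, not the size of either buffer, so `strncpy(a,str1,SZ)` still reads up to SZ bytes from str1 when no null byte comes earlier, and it always writes exactly SZ bytes to a (zero-padding a shorter string, and leaving a unterminated when str1 has no null byte in its first SZ bytes). The following `r = strncmp(a,b,SZ)` never looks past SZ bytes, so the missing terminator is harmless for this comparison, but the copies are only in bounds if every str1/str2 passed in has at least SZ readable bytes and a and b each have SZ writable bytes at the computed offsets into three and four; neither size is visible in this hunk. Please confirm both, and add a short comment above the copies stating that the SZ bound is deliberate and that a and b may be left unterminated. Terminating buf1 and buf2 in the caller would be an alternative that keeps the copy and the comparison independent.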