From d757835d9077d8bf1b7194ec22bb5e5e1d2661d5 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Sat, 11 Apr 2020 15:17:37 -0400 Subject: [PATCH] increase size for eight_byte_overflow_large test This was not working as expected due to CONFIG_EXTENDED_SIZE_CLASSES resulting in 128k being a slab allocation size class. The addition of padding for the canary pushes it into the next size class, resulting in this writing over size class rounding padding rather than this actually being an overflow as intended. --- test/simple-memory-corruption/eight_byte_overflow_large.c | 4 ++-- test/simple-memory-corruption/test_smc.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/simple-memory-corruption/eight_byte_overflow_large.c b/test/simple-memory-corruption/eight_byte_overflow_large.c index f7253d6..afb25b8 100644 --- a/test/simple-memory-corruption/eight_byte_overflow_large.c +++ b/test/simple-memory-corruption/eight_byte_overflow_large.c @@ -2,11 +2,11 @@ __attribute__((optimize(0))) int main(void) { - char *p = malloc(128 * 1024); + char *p = malloc(256 * 1024); if (!p) { return 1; } - *(p + 128 * 1024 + 7) = 0; + *(p + 256 * 1024 + 7) = 0; free(p); return 0; } diff --git a/test/simple-memory-corruption/test_smc.py b/test/simple-memory-corruption/test_smc.py index 84e9c3e..a1f3adc 100644 --- a/test/simple-memory-corruption/test_smc.py +++ b/test/simple-memory-corruption/test_smc.py @@ -51,7 +51,7 @@ class TestSimpleMemoryCorruption(unittest.TestCase): def test_eight_byte_overflow_large(self): _stdout, _stderr, returncode = self.run_test( "eight_byte_overflow_large") - self.assertEqual(returncode, 0) + self.assertEqual(returncode, -11) def test_eight_byte_overflow_small(self): _stdout, stderr, returncode = self.run_test(