authorNicolas Boichat <drinkcat@chromium.org>2018-06-21 08:38:09 +0800
committerchrome-bot <chrome-bot@chromium.org>2018-06-21 08:14:25 -0700
commit5d34998aeb78534ae7659778788cf6d2aec3d742 (patch)
tree09acca2728550a487c2c7a378b63c458d37346f2 /test/host_command.c
parente2d6f3833127d478d15ac36e2336a92b1863d65f (diff)
downloadchrome-ec-5d34998aeb78534ae7659778788cf6d2aec3d742.tar.gz
test/host_command: Do not overflow req_buf
The test attempts to access req_buf outside of its bounds during test_hostcmd_too_long, let's increase the buffer size. BRANCH=none BUG=chromium:854924 TEST=make V=1 TEST_ASAN=y run-host_command -j Change-Id: Ibacc080c9e961ad4eb56c17908e704796404a9ca Signed-off-by: Nicolas Boichat <drinkcat@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/1109614 Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Diffstat (limited to 'test/host_command.c')
-rw-r--r--test/host_command.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/test/host_command.c b/test/host_command.c
index a98ee87ef6..2385e40ee8 100644
--- a/test/host_command.c
+++ b/test/host_command.c
@@ -13,9 +13,12 @@
#include "timer.h"
#include "util.h"
+/* Request/response buffer size (and maximum command length) */
+#define BUFFER_SIZE 128
+
struct host_packet pkt;
-static char resp_buf[128];
-static char req_buf[128];
+static char resp_buf[BUFFER_SIZE];
+static char req_buf[BUFFER_SIZE + 4];
struct ec_host_request *req = (struct ec_host_request *)req_buf;
struct ec_params_hello *p = (struct ec_params_hello *)(req_buf + sizeof(*req));
struct ec_host_response *resp = (struct ec_host_response *)resp_buf;
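Review bot: The `+ 4` in `static char req_buf[BUFFER_SIZE + 4];` is an unexplained literal that has to stay in step with `pkt.request_size = BUFFER_SIZE + 4;` in test_hostcmd_too_long (third hunk); if either is edited alone, the out-of-bounds access described in the commit message can come back. The new comment also says BUFFER_SIZE is the request/response buffer size, which no longer holds for req_buf. A shared name used in both places, e.g. `#define REQ_OVERSIZE 4`, or a comment on the declaration such as `/* extra bytes so the too-long test can present an oversized request without reading past the array */`, would make the coupling explicit. Presumably the read happens wherever the test touches request_size bytes of req_buf, which is not visible in this hunk.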
@@ -58,10 +61,10 @@ static void hostcmd_fill_in_default(void)
pkt.request_size = 0;
pkt.send_response = hostcmd_respond;
pkt.request = (const void *)req_buf;
- pkt.request_max = 128;
+ pkt.request_max = BUFFER_SIZE;
pkt.request_size = sizeof(*req) + sizeof(*p);
pkt.response = (void *)resp_buf;
- pkt.response_max = 128;
+ pkt.response_max = BUFFER_SIZE;
pkt.driver_result = 0;
}
@@ -101,7 +104,7 @@ static int test_hostcmd_too_long(void)
hostcmd_fill_in_default();
/* Larger than request buffer */
- pkt.request_size = sizeof(req_buf) + 4;
+ pkt.request_size = BUFFER_SIZE + 4;
hostcmd_send();
TEST_ASSERT(resp->result == EC_RES_REQUEST_TRUNCATED);
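Review bot: test_hostcmd_too_long only exercises a request 4 bytes over the limit, so an off-by-one in the length check against `pkt.request_max` would go unnoticed. A second case with `pkt.request_size = BUFFER_SIZE + 1;` followed by the same `TEST_ASSERT(resp->result == EC_RES_REQUEST_TRUNCATED);` would pin the boundary, and it still fits inside the enlarged req_buf. The function body starts and ends outside this hunk, so an existing boundary case elsewhere in the file cannot be ruled out from here.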