summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKevin Adler <kadler@us.ibm.com>2020-11-13 15:35:06 -0600
committerKevin Adler <kadler@us.ibm.com>2020-11-13 17:02:55 -0600
commita8ad5332894e5276e837b90d378a097024dcfad1 (patch)
treef1b66863d435127a6397ca4459c2a083b4d8ba6c
parent3094b5c289b418b31e63ad2e7f52a38cf64e3dfc (diff)
downloadninja-a8ad5332894e5276e837b90d378a097024dcfad1.tar.gz
Fix buffer overread in hash_collision_benchmark.cc
The randomly generated command strings are not null-terminated and implicitly converted to StringPiece objects, which will use strlen to determine how long the passed `char*` is. Without the null terminator, this results in undefined behavior and regularly causes crashes on AIX.
Diffstat
-rw-r--r--src/hash_collision_bench.cc3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/hash_collision_bench.cc b/src/hash_collision_bench.cc
index 52ff56d..8f37ed0 100644
--- a/src/hash_collision_bench.cc
+++ b/src/hash_collision_bench.cc
@@ -27,9 +27,10 @@ int random(int low, int high) {
void RandomCommand(char** s) {
int len = random(5, 100);
- *s = new char[len];
+ *s = new char[len+1];
for (int i = 0; i < len; ++i)
(*s)[i] = (char)random(32, 127);
+ (*s)[len] = '\0';
}
int main() {
View Lorry Controller Status