syscalls/msgstress01: Fix off by one in array access

The size returned from recvmsg() is the size of the payload but the payload is defined as: struct { char len; char pbytes[99]; } data; So the lenght of the pbytes is actually one byte shorter than the size and we access one byte after the array in the comparsion. Better fix for this would be removal of the len from the data payload but since we are close to the release lets do the minimal fix now and do the cleanup after the release. Link: https://lore.kernel.org/ltp/20240523155932.26393-1-chrubis@suse.cz/ Reviewed-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Cyril Hrubis <chrubis@suse.cz>
linux-test-project · May 23, 2024 · 0358f7a · 0358f7a
1 parent dac76a8
commit 0358f7a
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/testcases/kernel/syscalls/ipc/msgstress/msgstress01.c b/testcases/kernel/syscalls/ipc/msgstress/msgstress01.c
@@ -160,7 +160,7 @@ static void reader(const int id, const int pos)
 			return;
 		}
 
-		for (int i = 0; i < size; i++) {
+		for (int i = 0; i < msg_recv.data.len; i++) {
 			if (msg_recv.data.pbytes[i] != buff->msg.data.pbytes[i]) {
 				tst_res(TFAIL, "Received wrong data at index %d: %x != %x", i,
 					msg_recv.data.pbytes[i],