Fix out of bounds read in error case in messenger_test.

Also got rid of two VLAs. They are overused a bit in toxcore. In
irc_syncbot, the array was uninitialised and then filled by a recv system
call. This can cause uninitialised reads if recv doesn't fill the entire
array. It could not cause out of bounds read directly, because a
NUL-terminator was in place, but both cases are undefined behaviour.
This commit is contained in:
iphydf 2018-01-25 03:13:46 +00:00
parent 2a5941c9f9
commit 9c03439ad0
No known key found for this signature in database
GPG Key ID: 3855DBA2D74403C9
2 changed files with 6 additions and 4 deletions


@ -184,8 +184,8 @@ END_TEST
START_TEST(test_getself_name)
{
const char *nickname = "testGallop";
int len = strlen(nickname);
VLA(char, nick_check, len);
size_t len = strlen(nickname);
char *nick_check = (char *)calloc(len + 1, 1);
setname(m, (const uint8_t *)nickname, len);
getself_name(m, (uint8_t *)nick_check);
@ -193,6 +193,7 @@ START_TEST(test_getself_name)
ck_assert_msg((memcmp(nickname, nick_check, len) == 0),
"getself_name failed to return the known name!\n"
"known name: %s\nreturned: %s\n", nickname, nick_check);
free(nick_check);
}
END_TEST
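Review bot: The allocation on the new `char *nick_check = (char *)calloc(len + 1, 1);` line is handed to setname()/getself_name() without a NULL check, so an out-of-memory condition would surface as a crash inside the test instead of a diagnosable failure; add `ck_assert_msg(nick_check != NULL, "calloc failed");` right after the calloc. The return value of getself_name() is also discarded; if it reports the length it wrote (confirm against Messenger.h), asserting `getself_name(m, (uint8_t *)nick_check) == len` would let the test catch truncation as well as a content mismatch. Note that the added `free(nick_check)` is only reached when the preceding ck_assert_msg passes, which is harmless only if the suite runs each test in a forked child, as check does by default.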


@ -300,8 +300,7 @@ int main(int argc, char *argv[])
if (count > 0) {
last_get = get_monotime_sec();
ping_sent = 0;
VLA(uint8_t, data, count + 1);
data[count] = 0;
uint8_t *data = (uint8_t *)calloc(count + 1, 1);
recv(sock, data, count, MSG_NOSIGNAL);
printf("%s", data);
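Review bot: The return value of `recv(sock, data, count, MSG_NOSIGNAL);` is still ignored, so a short read, an error (-1) or a closed peer (0) goes unnoticed; the switch to calloc() means printf() no longer reads uninitialised bytes, but the parsing in the following hunk appears to walk `count` bytes rather than the number actually received. Capture the length with `ssize_t n = recv(sock, data, count, MSG_NOSIGNAL);`, leave the block on failure with `if (n <= 0) { free(data); break; }` (or whatever this loop's error path is), and use `n` instead of `count` in the parsing below. The calloc() result is also unchecked; `count` is computed outside the hunk, and if it is influenced by the peer a failed allocation would hand recv() a NULL buffer. main() begins and ends outside this hunk.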
@ -345,6 +344,8 @@ int main(int argc, char *argv[])
p_i = i + 1;
}
}
free(data);
}
if (connected == 1) {