strace/0177-strauss-fix-off-by-one...

From 968789d5426442ac43b96eabd65f3e5c0c141e62 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Tue, 28 Jun 2022 16:47:56 +0200
Subject: [PATCH] strauss: fix off-by-one error in strauss array access

It has to be limited with strauss_lines - 1, not strauss_lines.
Reported by covscan:

    Error: OVERRUN (CWE-119):
    strace-5.18/src/strauss.c:380: cond_at_least: Checking "4UL + i < 37UL"
    implies that "i" is at least 33 on the false branch.
    strace-5.18/src/strauss.c:380: overrun-local: Overrunning array "strauss"
    of 37 8-byte elements at element index 37 (byte offset 303) using index
    "(4UL + i < 37UL) ? 4UL + i : 37UL" (which evaluates to 37).

* src/strauss.c (print_totd): Limit strauss array accesses to
strauss_lines - 1 instead of strauss_lines.
---
 src/strauss.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/strauss.c b/src/strauss.c
index 98af183..b22ab6a 100644
--- a/src/strauss.c
+++ b/src/strauss.c
@@ -373,16 +373,16 @@ print_totd(void)
 			tip_left[MIN(i + 1, ARRAY_SIZE(tip_left) - 1)],
 			w, w, tips_tricks_tweaks[id][i] ?: "",
 			tip_right[MIN(i + 1, ARRAY_SIZE(tip_right) - 1)],
-			strauss[MIN(3 + i, strauss_lines)]);
+			strauss[MIN(3 + i, strauss_lines - 1)]);
 	}
 	fprintf(stderr, "%s%s\n",
-		tip_bottom, strauss[MIN(3 + i, strauss_lines)]);
+		tip_bottom, strauss[MIN(3 + i, strauss_lines - 1)]);
 	do {
 		fprintf(stderr, "%*s%*s%*s%s\n",
 			(int) strlen(tip_left[0]), "",
 			w, "",
 			(int) strlen(tip_right[0]), "",
-			strauss[MIN(4 + i, strauss_lines)]);
+			strauss[MIN(4 + i, strauss_lines - 1)]);
 	} while ((show_tips == TIPS_FULL) && (4 + ++i < strauss_lines));
 
 	printed = true;
-- 
2.1.4
Fix post-rebase issues - Add 0175-src-xlat-remove-remnants-of-unnecessary-idx-usage-in.patch (v5.18-5-g2bf0696 "src/xlat: remove remnants of unnecessary idx usage in xlookup") - Add 0176-strauss-tips-whitespace-and-phrasing-cleanups.patch (v5.18-7-ge604d7b "strauss: tips whitespace and phrasing cleanups") - Add 0177-strauss-fix-off-by-one-error-in-strauss-array-access.patch (v5.18-8-g968789d "strauss: fix off-by-one error in strauss array access") - Add 0178-util-add-offs-sanity-check-to-print_clock_t.patch (v5.18-9-g6d3e97e "util: add offs sanity check to print_clock_t") - Add 0179-secontext-print-context-of-Unix-socket-s-sun_path-fi.patch (v5.18-13-g960e78f "secontext: print context of Unix socket's sun_path field") - Add 0180-pathtrace-util-do-not-print-deleted-as-part-of-the-p.patch (v5.18-18-g676979f "pathtrace, util: do not print " (deleted)" as part of the path") - Add 0181-secontext-fix-expected-SELinux-context-check-for-unl.patch )v5.18-19-g3f0e534 "secontext: fix expected SELinux context check for unlinked FDs") - Add 0182-tests-bpf-fix-sloppy-low-FD-number-usage.patch (v5.18-21-g5338636 "tests/bpf: fix sloppy low FD number usage") * 0175-src-xlat-remove-remnants-of-unnecessary-idx-usage-in.patch: New patch. * 0176-strauss-tips-whitespace-and-phrasing-cleanups.patch: Likewise. * 0177-strauss-fix-off-by-one-error-in-strauss-array-access.patch: Likewise. * 0178-util-add-offs-sanity-check-to-print_clock_t.patch: Likewise. * 0179-secontext-print-context-of-Unix-socket-s-sun_path-fi.patch: Likewise. * 0180-pathtrace-util-do-not-print-deleted-as-part-of-the-p.patch: Likewise. * 0181-secontext-fix-expected-SELinux-context-check-for-unl.patch: Likewise. * 0182-tests-bpf-fix-sloppy-low-FD-number-usage.patch: Likewise. * strace.spec (Release): Bump to 2. (Patch175, Patch176, Patch177, Patch178, Patch179, Patch180, Patch181, Patch182): Add. (%prep): Apply them. (%changelog): New record about 5.18-2. Resolves: #2087693 Resolves: #2103068 Resolves: #2103032 Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com> 2022-07-13 11:07:07 +00:00			`From 968789d5426442ac43b96eabd65f3e5c0c141e62 Mon Sep 17 00:00:00 2001`
			`From: Eugene Syromyatnikov <evgsyr@gmail.com>`
			`Date: Tue, 28 Jun 2022 16:47:56 +0200`
			`Subject: [PATCH] strauss: fix off-by-one error in strauss array access`

			`It has to be limited with strauss_lines - 1, not strauss_lines.`
			`Reported by covscan:`

			`Error: OVERRUN (CWE-119):`
			`strace-5.18/src/strauss.c:380: cond_at_least: Checking "4UL + i < 37UL"`
			`implies that "i" is at least 33 on the false branch.`
			`strace-5.18/src/strauss.c:380: overrun-local: Overrunning array "strauss"`
			`of 37 8-byte elements at element index 37 (byte offset 303) using index`
			`"(4UL + i < 37UL) ? 4UL + i : 37UL" (which evaluates to 37).`

			`* src/strauss.c (print_totd): Limit strauss array accesses to`
			`strauss_lines - 1 instead of strauss_lines.`
			`---`
			`src/strauss.c \| 6 +++---`
			`1 file changed, 3 insertions(+), 3 deletions(-)`

			`diff --git a/src/strauss.c b/src/strauss.c`
			`index 98af183..b22ab6a 100644`
			`--- a/src/strauss.c`
			`+++ b/src/strauss.c`
			`@@ -373,16 +373,16 @@ print_totd(void)`
			`tip_left[MIN(i + 1, ARRAY_SIZE(tip_left) - 1)],`
			`w, w, tips_tricks_tweaks[id][i] ?: "",`
			`tip_right[MIN(i + 1, ARRAY_SIZE(tip_right) - 1)],`
			`- strauss[MIN(3 + i, strauss_lines)]);`
			`+ strauss[MIN(3 + i, strauss_lines - 1)]);`
			`}`
			`fprintf(stderr, "%s%s\n",`
			`- tip_bottom, strauss[MIN(3 + i, strauss_lines)]);`
			`+ tip_bottom, strauss[MIN(3 + i, strauss_lines - 1)]);`
			`do {`
			`fprintf(stderr, "%s%s%*s%s\n",`
			`(int) strlen(tip_left[0]), "",`
			`w, "",`
			`(int) strlen(tip_right[0]), "",`
			`- strauss[MIN(4 + i, strauss_lines)]);`
			`+ strauss[MIN(4 + i, strauss_lines - 1)]);`
			`} while ((show_tips == TIPS_FULL) && (4 + ++i < strauss_lines));`

			`printed = true;`
			`--`
			`2.1.4`