Re: [PATCH v3 3/3] kasan: initialise array in kasan_memcmp test
From: Dmitry Vyukov
Date: Thu Apr 23 2020 - 13:26:09 EST
On Thu, Apr 23, 2020 at 5:45 PM Daniel Axtens <dja@xxxxxxxxxx> wrote:
>
> memcmp may bail out before accessing all the memory if the buffers
> contain differing bytes. kasan_memcmp calls memcmp with a stack array.
> Stack variables are not necessarily initialised (in the absence of a
> compiler plugin, at least). Sometimes this causes the memcpy to bail
> early thus fail to trigger kasan.
>
> Make sure the array initialised to zero in the code.
>
> No other test is dependent on the contents of an array on the stack.
>
> Cc: Andrey Ryabinin <aryabinin@xxxxxxxxxxxxx>
> Cc: Alexander Potapenko <glider@xxxxxxxxxx>
> Cc: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
> Signed-off-by: Daniel Axtens <dja@xxxxxxxxxx>
> Reviewed-by: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
> ---
> lib/test_kasan.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/test_kasan.c b/lib/test_kasan.c
> index 939f395a5392..7700097842c8 100644
> --- a/lib/test_kasan.c
> +++ b/lib/test_kasan.c
> @@ -638,7 +638,7 @@ static noinline void __init kasan_memcmp(void)
> {
> char *ptr;
> size_t size = 24;
> - int arr[9];
> + int arr[9] = {};
>
> pr_info("out-of-bounds in memcmp\n");
> ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
My version of this function contains the following below:
memset(arr, 0, sizeof(arr));
What am I missing?