ACK: [PATCH] acpi/s3 : fix stack smashing crash for s3 test
ivanhu
ivan.hu at canonical.com
Fri Jan 3 03:46:25 UTC 2025
Acked-by: Ivan Hu <ivan.hu at canonical.com>
On 2024/12/18 18:33, Hector Cao wrote:
> when fwts parses /sys/kernel/debug/wakeup_sources, if this file has
> any entry with long name (>32), fwts can crash with error :
> *** stack smashing detected ***: terminated
> this is a gcc stack smashing protection mechanism that is enabled
> with the flag -fstack-protection-strong
>
> this issue has been introduced in the commit
> - s3: add checking the device signed wakeup events
> and delivered in the version V23.09.00
>
> this commit fixes this issue by enforcing the max len of the field
> name fscanf can read from the wakeup_sources entries.
>
> BugLink: https://bugs.launchpad.net/fwts/+bug/2092055
>
> Signed-off-by: Hector Cao <hector.cao at canonical.com>
> ---
> src/acpi/s3/s3.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/src/acpi/s3/s3.c b/src/acpi/s3/s3.c
> index ffdb7165..c46fe72f 100644
> --- a/src/acpi/s3/s3.c
> +++ b/src/acpi/s3/s3.c
> @@ -96,7 +96,8 @@ static int read_wakeup_source(fwts_list *source)
> /* skip first line */
> while (c = fgetc(fp), c != '\n' && c != EOF);
>
> - while (fscanf(fp, "%s\t%lu\t\t%lu\t\t%lu\t\t%lu\t\t%ld\t\t%ld\t\t%ld\t\t%ld\t\t%ld\n",
> + /* NB: important to specify the max len fscanf reads for name to avoid stack smashing */
> + while (fscanf(fp, "%31s\t%lu\t\t%lu\t\t%lu\t\t%lu\t\t%ld\t\t%ld\t\t%ld\t\t%ld\t\t%ld\n",
> name, &active_count, &event_count,
> &wakeup_count, &expire_count, &active_since,
> &total_time, &max_time, &last_change,
More information about the fwts-devel
mailing list