Fix a memory corruption (NativeCodeTest testPipeReadV)
1. Use after initialize.
void *bufs[BUFS] is located in stack and does not initilized.
But, testcase is using the variable before memory allocation.
So, readv could write to unexpected memory address.
2. Remove useless code.
iovs[OVERFLOW_BUF - 1] will be initialized after assign.
So, it is a useless code.
Change-Id: Ibe424db64a5eb8020c1067ee4786631fe85b1b2a
Signed-off-by: Hyangseok Chae <neo.chae@lge.com>
diff --git a/tests/tests/security/jni/android_security_cts_NativeCodeTest.cpp b/tests/tests/security/jni/android_security_cts_NativeCodeTest.cpp
index d572122..b4b1da0 100644
--- a/tests/tests/security/jni/android_security_cts_NativeCodeTest.cpp
+++ b/tests/tests/security/jni/android_security_cts_NativeCodeTest.cpp
@@ -392,16 +392,14 @@
* set up to overflow iov[OVERFLOW_BUF] on non-atomic redo in kernel
* function pipe_iov_copy_to_user
*/
- iovs[OVERFLOW_BUF - 1].iov_len = IOV_LEN*10;
- iovs[OVERFLOW_BUF].iov_base = bufs[OVERFLOW_BUF];
- iovs[OVERFLOW_BUF].iov_len = IOV_LEN;
-
bufs[OVERFLOW_BUF] = mmap((void*)(FIXED_ADDR), PAGE_SIZE, PROT_READ | PROT_WRITE,
MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
if (bufs[OVERFLOW_BUF] == MAP_FAILED) {
ALOGE("mmap fixed addr failed:%s", strerror(errno));
goto __close_pipe;
}
+ iovs[OVERFLOW_BUF].iov_base = bufs[OVERFLOW_BUF];
+ iovs[OVERFLOW_BUF].iov_len = IOV_LEN;
for (i = 0; i < BUFS; i++) {
if (i == OVERFLOW_BUF) {
