sizeof(msg) only gives the expected answer if msg is an array, not if it is a pointer. Since msg happens to be smaller than a pointer (4 vs 16 in PCuABI), the write() syscall below ends up reading out of bounds (unless prevented by the capability bounds being too narrow).
Fixes: ("kselftests/arm64: morello: Add pcuabi tests for mmap & co")
Signed-off-by: Kevin Brodsky <kevin.brodsky@arm.com>
---
 tools/testing/selftests/arm64/morello/mmap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/testing/selftests/arm64/morello/mmap.c b/tools/testing/selftests/arm64/morello/mmap.c index 5d259c336f55..62fc14d14d46 100644 --- a/tools/testing/selftests/arm64/morello/mmap.c +++ b/tools/testing/selftests/arm64/morello/mmap.c @@ -63,7 +63,7 @@ void syscall_mmap(void) static inline __attribute__((always_inline)) void syscall_mmap2(void) { - const char *msg = "foo"; + const char msg[] = "foo"; unsigned int msg_len = sizeof(msg); /* No need for the terminator */ const char *sample_file = "/limbo.dat"; void *addr;
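
Review bot: In syscall_mmap2(), the unchanged line "unsigned int msg_len = sizeof(msg); /* No need for the terminator */" now yields 4 for the array "foo", which counts the trailing NUL, so the length and its comment no longer obviously agree. If the comment means the terminator should not be written, use sizeof(msg) - 1; if writing 4 bytes is intended, reword the comment so the next reader does not have to guess. A second point for the same function: sample_file on the following context line is still a const char * initialised from a string literal, so any later sizeof(sample_file) would have the same pointer-size problem this patch fixes for msg; it may be worth checking the rest of the file for that pattern while here.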