From 9c03439ad09f6f23ca634685d5b0b9cac8b03a88 Mon Sep 17 00:00:00 2001
From: iphydf
Date: Thu, 25 Jan 2018 03:13:46 +0000
Subject: Fix out of bounds read in error case in messenger_test.

Also got rid of two VLAs. They are overused a bit in toxcore. In irc_syncbot, the array was uninitialised and then filled by a recv system call. This can cause uninitialised reads if recv doesn't fill the entire array. It could not cause out of bounds read directly, because a NUL-terminator was in place, but both cases are undefined behaviour.
---
 auto_tests/messenger_test.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
 (limited to 'auto_tests/messenger_test.c')

diff --git a/auto_tests/messenger_test.c b/auto_tests/messenger_test.c
index 614b1057..8ab185a0 100644
--- a/auto_tests/messenger_test.c
+++ b/auto_tests/messenger_test.c
@@ -184,8 +184,8 @@ END_TEST
 START_TEST(test_getself_name)
 {
 const char *nickname = "testGallop";
- int len = strlen(nickname);
- VLA(char, nick_check, len);
+ size_t len = strlen(nickname);
+ char *nick_check = (char *)calloc(len + 1, 1);
 setname(m, (const uint8_t *)nickname, len);
 getself_name(m, (uint8_t *)nick_check);
@@ -193,6 +193,7 @@ START_TEST(test_getself_name)
 ck_assert_msg((memcmp(nickname, nick_check, len) == 0), "getself_name failed to return the known name!\n" "known name: %s\nreturned: %s\n", nickname, nick_check);
+ free(nick_check);
 }
 END_TEST
-- 
cgit v1.2.3
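Review bot: The `calloc` result in the first hunk is handed to `getself_name` without a NULL check, and the buffer is sized from the expected nickname (`len + 1`) rather than from what the messenger may actually hold. getself_name's body is not visible here, but it takes no length argument, so if `setname` failed or a longer name were already stored, the copy would presumably run past the allocation and overwrite the terminator that the `%s` in the failure message now depends on. I would add `ck_assert_msg(nick_check != NULL, "failed to allocate nick_check");` right after the allocation, check whatever status `setname` returns, and size the buffer to the library's maximum name length plus one. The test body continues into the next hunk.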
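Review bot: The `memcmp` in the second hunk still compares only the first `len` bytes, and the value returned by `getself_name` in the previous hunk is discarded, so a stored name that merely begins with "testGallop" would pass the test. If getself_name reports the number of bytes it wrote, capture it and assert that it equals `len` before the comparison. Separately, the added `free(nick_check);` sits after `ck_assert_msg`, which under Check does not return on failure, so the buffer is released only on the passing path; that is harmless in a test, but a short comment such as `/* not reached when the assertion fails */` would make it explicit.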