X-Git-Url: http://erislabs.net/gitweb/?a=blobdiff_plain;ds=sidebyside;f=tests%2Ftest-strstr.c;h=37f4bace65be35c1da5b12bd09d1bdeea1350a12;hb=4097b52187106b6a2940d28968cfecd4e53f9b4e;hp=d8bec1504b1f30e5b87c20d29b0ebfff9e630336;hpb=57e915c643273d8a63b89ab48110840deb517b86;p=gnulib.git
diff --git a/tests/test-strstr.c b/tests/test-strstr.c
index d8bec1504..37f4bace6 100644
--- a/tests/test-strstr.c
+++ b/tests/test-strstr.c
@@ -24,6 +24,8 @@
 #include
 #include
+#include "zerosize-ptr.h"
+
 #define ASSERT(expr) \
 do \
 { \
@@ -61,11 +63,23 @@ main (int argc, char *argv[])
 }
 {
- /* See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521737 */
- char *input = strdup ("aBaaaaaaaaaaax");
- const char *result = strstr (input, "B1x");
+ /* On some platforms, the memchr() functions reads past the first
+ occurrence of the byte to be searched, leading to an out-of-bounds
+ read access for strstr().
+ See .
+ This is a bug in memchr(), see the Austin Group's clarification
+ . */
+ const char *fix = "aBaaaaaaaaaaax";
+ char *page_boundary = (char *) zerosize_ptr ();
+ size_t len = strlen (fix) + 1;
+ char *input = page_boundary ? page_boundary - len : malloc (len);
+ const char *result;
+
+ strcpy (input, fix);
+ result = strstr (input, "B1x");
 ASSERT (result == NULL);
- free (input);
+ if (!page_boundary)
+ free (input);
 }
 {
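Review bot: In the fallback branch of the second hunk, the result of `malloc (len)` is written through by `strcpy (input, fix)` without a null check, so an allocation failure becomes a crash instead of a reported test failure; adding `ASSERT (input != NULL);` just before the `strcpy` would cover both branches. Separately, when `zerosize_ptr ()` returns NULL the buffer is ordinary heap memory, where a read past the terminating byte is unlikely to fault, so on those platforms the test probably passes without exercising the out-of-bounds read it documents; a short comment such as `/* Without a page boundary this only checks the return value. */` would keep that limitation visible. The `page_boundary - len` arithmetic also relies on at least `len` writable bytes preceding the returned pointer, which is decided in zerosize-ptr.h and is not visible in this diff. The enclosing `main` starts and ends outside this hunk.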