From b533b690f42c9b5eb7093ed07ad5f5642aaa4e53 Mon Sep 17 00:00:00 2001 From: Milan Broz Date: Sat, 6 Apr 2024 14:07:32 +0200 Subject: [PATCH] Avoid overflow in DAB Monobit2 test. With default ntup 0, the DAB Monobit 2 test tries to select maximum block, but only up to the fixed BLOCK_MAX. User can override the test with ntup value (-n option) but as there are fixed allocation of pvalues, only values up to BLOCK_MAX-1 (15) are allowed. (Increasing BLOCK_MAX would cause malloc to fail anyway.) Skipping automatic block size detection could also cause test to fail if there is not enough samples. Fix possible overflow by exiting the program with an error message as there is no proper invalid return code check (as seen in other tests too). Segfault/overflow easily reproducible with truncate -s 256M test.img dieharder/dieharder -n 32 -d 209 -g 201 -f test.img --- dieharder-src/dieharder-3.31.1/libdieharder/dab_monobit2.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/dieharder-src/dieharder-3.31.1/libdieharder/dab_monobit2.c b/dieharder-src/dieharder-3.31.1/libdieharder/dab_monobit2.c index 213cece..e69fde9 100644 --- a/dieharder-src/dieharder-3.31.1/libdieharder/dab_monobit2.c +++ b/dieharder-src/dieharder-3.31.1/libdieharder/dab_monobit2.c @@ -42,6 +42,10 @@ int dab_monobit2(Test **test, int irun) if ( nsamp*gsl_ran_binomial_pdf(nmax/2,0.5,nmax) < 20 ) break; } ntup = j; + } else if (ntup >= BLOCK_MAX) { + fprintf(stderr,"Error: Can only use ntup up to %i.\n", BLOCK_MAX-1); + fprintf(stderr," Read test description with dieharder -d 209 -h.\n"); + exit(0); } test[0]->ntuple = ntup;
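Review bot: the new else-if branch for ntup >= BLOCK_MAX ends in exit(0), so the process reports success to the caller right after printing "Error: Can only use ntup up to ..." to stderr. A script or test harness that checks only the exit status will treat the rejected -n value as a passing run. Suggest exit(1) or exit(EXIT_FAILURE) here so that the out-of-range ntup is visible as a failure. The check itself is consistent with the commit message's limit of BLOCK_MAX-1. It guards only the upper bound, so the commit message's other concern, a user-supplied ntup that skips the automatic block size detection when there are too few samples, is still not handled by this hunk and may deserve a comment or a follow-up check. Since this file lives in libdieharder, a short comment noting that the function terminates the process instead of returning an error would also help callers of the library.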