From 1c2163b9449953d5e602edca844a4ac5bd7baf6d Mon Sep 17 00:00:00 2001
From: Tomasz Kulasek <tomaszx.kulasek@intel.com>
Date: Tue, 8 Jan 2019 11:23:01 +0100
Subject: [PATCH] util/cpuset: fix internal string buffer size

When all CPUs are set, formatted string overflows str buffer in the
spdk_cpuset structure with '\0'.

It may destroy CPUs bitmap when formatting is used, so additional
integrity checks are performed in UT.

Change-Id: I92ac790b2c215428cbe0ae89ab4b28570ddb9a0d
Signed-off-by: Tomasz Kulasek <tomaszx.kulasek@intel.com>
Reviewed-on: https://review.gerrithub.io/c/440021
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: Darek Stojaczyk <dariusz.stojaczyk@intel.com>
Reviewed-by: Jim Harris <james.r.harris@intel.com>
---
 lib/util/cpuset.c                       |  2 +-
 test/unit/lib/util/cpuset.c/cpuset_ut.c | 14 ++++++++++----
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/lib/util/cpuset.c b/lib/util/cpuset.c
index 1a02e59fe..de9fbfb63 100644
--- a/lib/util/cpuset.c
+++ b/lib/util/cpuset.c
@@ -35,7 +35,7 @@
 #include "spdk/log.h"
 
 struct spdk_cpuset {
-	char str[SPDK_CPUSET_SIZE / 4];
+	char str[SPDK_CPUSET_SIZE / 4 + 1];
 	uint8_t cpus[SPDK_CPUSET_SIZE / 8];
 };
 
diff --git a/test/unit/lib/util/cpuset.c/cpuset_ut.c b/test/unit/lib/util/cpuset.c/cpuset_ut.c
index 965760056..11adff879 100644
--- a/test/unit/lib/util/cpuset.c/cpuset_ut.c
+++ b/test/unit/lib/util/cpuset.c/cpuset_ut.c
@@ -213,6 +213,8 @@ test_cpuset_fmt(void)
 
 	/* Set all cores */
 	spdk_cpuset_zero(core_mask);
+	CU_ASSERT(cpuset_check_range(core_mask, 0, SPDK_CPUSET_SIZE - 1, false) == 0);
+
 	for (lcore = 0; lcore < SPDK_CPUSET_SIZE; lcore++) {
 		spdk_cpuset_set_cpu(core_mask, lcore, true);
 	}
@@ -221,11 +223,15 @@ test_cpuset_fmt(void)
 	}
 	hex_mask_ref[SPDK_CPUSET_SIZE / 4] = '\0';
 
+	/* Check data before format */
+	CU_ASSERT(cpuset_check_range(core_mask, 0, SPDK_CPUSET_SIZE - 1, true) == 0);
+
 	hex_mask = spdk_cpuset_fmt(core_mask);
-	CU_ASSERT(hex_mask != NULL);
-	if (hex_mask != NULL) {
-		CU_ASSERT(strcmp(hex_mask_ref, hex_mask) == 0);
-	}
+	SPDK_CU_ASSERT_FATAL(hex_mask != NULL);
+	CU_ASSERT(strcmp(hex_mask_ref, hex_mask) == 0);
+
+	/* Check data integrity after format */
+	CU_ASSERT(cpuset_check_range(core_mask, 0, SPDK_CPUSET_SIZE - 1, true) == 0);
 
 	spdk_cpuset_free(core_mask);
 }