From 6fdb473e300812ec9bdec7ba99ba4f117e232130 Mon Sep 17 00:00:00 2001
From: Emilio Gordillo
Date: Tue, 23 Jun 2026 11:11:15 -0600
Subject: [PATCH] Fix off-by-one buffer overflow in integration test mergeFunction

`resultpath` was allocated as `strlen(destdir) + strlen("/result.dat")` bytes, but the subsequent sprintf writes that many characters plus the terminating NUL, overflowing the heap buffer by one byte. This is harmless under low optimization, but with _FORTIFY_SOURCE active (e.g. -O3 on recent GCC/glibc) the fortified sprintf detects the overflow and aborts with "*** buffer overflow detected ***", crashing the RunTestSplitMergeAndMapReduceFunction integration test. Reserve one extra byte for the NUL terminator.
Co-Authored-By: Claude Opus 4.8
---
 capio/tests/integration/src/mapreduce.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/capio/tests/integration/src/mapreduce.cpp b/capio/tests/integration/src/mapreduce.cpp
index a261cbed8..364a1533d 100644
--- a/capio/tests/integration/src/mapreduce.cpp
+++ b/capio/tests/integration/src/mapreduce.cpp
@@ -222,7 +222,7 @@ int mergeFunction(ssize_t nfiles, char *sourcedir, char *destdir) {
 }
 delete[] filepath;
- auto resultpath = new char[strlen(destdir) + strlen("/result.dat")];
+ auto resultpath = new char[strlen(destdir) + strlen("/result.dat") + 1];
 sprintf(resultpath, "%s/result.dat", destdir);
 FILE *fp = fopen(resultpath, "w");
 EXPECT_TRUE(fp);
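Review bot: The added `resultpath` line still pairs a hand-computed length with an unbounded `sprintf`, so the allocation size and the format string can drift apart again and the next mismatch is once more a heap write past the buffer. Bounding the write turns such a mismatch into truncation: `const size_t len = strlen(destdir) + sizeof("/result.dat");` then `snprintf(resultpath, len, "%s/result.dat", destdir);`. Building the path as a `std::string` and passing `.c_str()` to `fopen` would remove the arithmetic altogether. The `filepath` buffer freed just above is allocated outside the visible lines, so it is worth confirming it does not use the same `strlen`-sum sizing without the `+ 1`. mergeFunction's body starts before and continues past this hunk, so the release of `resultpath` cannot be checked from here.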