From 514063a6d7a628e358894b6a6a6cb089c264fc09 Mon Sep 17 00:00:00 2001
From: Aviv Daum <aviv.daum@gmail.com>
Date: Thu, 19 Mar 2026 00:53:32 +0200
Subject: mtd-utils: tests: jittertest: reject overlong file names

plotJittervsFill copies the -f argument into a 250-byte buffer with
strncpy(..., sizeof(LogFile)). A 250-byte file name leaves the buffer
unterminated, and the subsequent fopen() reads past the end of LogFile.

JitterTest uses the same fixed-size file name pattern for -r, while -c
still silently truncates overlong names and -f already rejects them.

Validate jittertest file name arguments before copying them so these
options all reject overlong input instead of truncating it or reading
past the end of fixed-size buffers.

Add a shell regression test that exercises the accepted and rejected
boundary lengths for plotJittervsFill and JitterTest during make check.

Signed-off-by: Aviv Daum <aviv.daum@gmail.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
---
 configure.ac | 1 +
 1 file changed, 1 insertion(+)

(limited to 'configure.ac')

diff --git a/configure.ac b/configure.ac
index 2a79ba8..f17d703 100644
--- a/configure.ac
+++ b/configure.ac
@@ -304,6 +304,7 @@ AC_CONFIG_FILES([tests/fs-tests/fs_help_all.sh
 	tests/fs-tests/fs_run_all.sh
 	tests/fs-tests/stress/fs_stress00.sh
 	tests/fs-tests/stress/fs_stress01.sh
+	tests/jittertest/filename_bounds.sh
 	tests/ubi-tests/runubitests.sh
 	tests/ubi-tests/ubi-stress-test.sh
 	tests/ubifs_tools-tests/lib/common.sh
-- 
cgit v1.2.3