From 514063a6d7a628e358894b6a6a6cb089c264fc09 Mon Sep 17 00:00:00 2001
From: Aviv Daum
Date: Thu, 19 Mar 2026 00:53:32 +0200
Subject: mtd-utils: tests: jittertest: reject overlong file names
plotJittervsFill copies the -f argument into a 250-byte buffer with strncpy(..., sizeof(LogFile)). A 250-byte file name leaves the buffer unterminated, and the subsequent fopen() reads past the end of LogFile. JitterTest uses the same fixed-size file name pattern for -r, while -c still silently truncates overlong names and -f already rejects them. Validate jittertest file name arguments before copying them so these options all reject overlong input instead of truncating it or reading past the end of fixed-size buffers. Add a shell regression test that exercises the accepted and rejected boundary lengths for plotJittervsFill and JitterTest during make check.
Signed-off-by: Aviv Daum
Signed-off-by: David Oberhollenzer
---
tests/jittertest/plotJittervsFill.c | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
(limited to 'tests/jittertest/plotJittervsFill.c')
diff --git a/tests/jittertest/plotJittervsFill.c b/tests/jittertest/plotJittervsFill.c
index 03929a9..8929f9a 100644
--- a/tests/jittertest/plotJittervsFill.c
+++ b/tests/jittertest/plotJittervsFill.c
@@ -75,6 +75,21 @@ static int Debug = 0; /* Debug level. Each "-d" on the cmd line increases the le
 #define MIN_JITTER_THRESHOLD 1 /* ms minimum jitter threshold */
+static void SetLogFileName(
+ const char *pFileName) /* ptr to desired input file name */
+{
+ size_t fileNameLen; /* file name length (bytes) */
+
+ fileNameLen = strlen(pFileName);
+ if (fileNameLen > sizeof(LogFile) - 1) {
+ printf("File name %s exceeds maximum length %d.\n",
+ pFileName, (int)(sizeof(LogFile) - 1));
+ exit(0);
+ }
+
+ strcpy(LogFile, pFileName);
+}
+
 static void PrintHelpInfo(void) {
 printf("Usage: plotJittervsFill [options] -f [--file] -t [--jitter_threshold] \n");
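Review bot: In SetLogFileName the overlong-name branch ends with `exit(0)`, so a rejected `-f` argument still reports success to the calling shell, and a wrapper script or the `make check` regression test mentioned in the commit message can only detect the rejection by matching the printed text. I would return a failure status with `exit(EXIT_FAILURE);` and send the diagnostic to stderr via `fprintf(stderr, ...)`; the file's other error paths are not visible in this hunk, so if they also exit with 0 this may be a file-wide convention to change separately. The length check itself is sound: `fileNameLen > sizeof(LogFile) - 1` guarantees room for the terminator before `strcpy`, assuming `LogFile` is the array the commit message describes and not a pointer (its declaration is outside the hunk). A smaller point is that printing `sizeof(LogFile) - 1` with `%zu` would avoid the `(int)` cast.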
@@ -122,7 +137,7 @@ static void HandleCmdLineArgs(
 /* Set the name of the output file. */
 ++argNum;
 if (argNum < argc) {
- strncpy(LogFile, argv[argNum], sizeof(LogFile));
+ SetLogFileName(argv[argNum]);
 } else {
 printf("*** Input file name not specified. ***\n");
-- cgit v1.2.3