Describe the bug
The test is segfaulting due to a buffer overflow.
brg_tbl_compact() is writing pass the array end with j=CONFIG_BT_MESH_BRG_TABLE_ITEMS_MAX
*** Booting Zephyr OS build v3.7.0-3250-g654632ea1cbb ***
Running TESTSUITE bt_mesh_brg_cfg
===================================================================
START - test_basic_functionality_storage
=================================================================
==1046312==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0807c420 at pc 0x0804cb5b bp 0xf2bfeff8 sp 0xf2bfefe8
WRITE of size 8 at 0x0807c420 thread T4
#0 0x804cb5a in memset
#1 0x804cb5a in brg_tbl_compact subsys/bluetooth/mesh/brg_cfg.c:46
#2 0x804d5ef in bt_mesh_brg_cfg_tbl_remove subsys/bluetooth/mesh/brg_cfg.c:352
#3 0x804b640 in bt_mesh_brg_cfg_test_basic_functionality_storage tests/bluetooth/mesh/brg/src/main.c:176
#4 0x804b640 in _bt_mesh_brg_cfg_test_basic_functionality_storage_wrapper tests/bluetooth/mesh/brg/src/main.c:132
#5 0x80545f9 in run_test_functions subsys/testsuite/ztest/src/ztest.c:328
#6 0x80545f9 in test_cb subsys/testsuite/ztest/src/ztest.c:662
...
0x0807c420 is located 32 bytes before global variable 'logging_thread' defined in 'subsys/logging/log_core.c:960:17' (0x807c440) of size 112
0x0807c420 is located 0 bytes after global variable 'brg_tbl' defined in 'subsys/bluetooth/mesh/brg_cfg.c:24:35' (0x807c3a0) of size 128
Environment (please complete the following information):
aescolar
commented
2 hours ago
Describe the bug The test is segfaulting due to a buffer overflow.
brg_tbl_compact()is writing pass the array end withj=CONFIG_BT_MESH_BRG_TABLE_ITEMS_MAXTo Reproduce Steps to reproduce the behavior:
You can also build it without ASAN and just see the segfault, or run it with valgrind.
Expected behavior No buffer overflow
Impact Failing test
Logs and console output
Environment (please complete the following information):
Additional context Test introduced in #78400