From 6cb6764bb1778b8c4f92680295f928fec074e3d7 Mon Sep 17 00:00:00 2001
From: Robert Morris <rtm@csail.mit.edu>
Date: Fri, 7 Aug 2020 16:56:00 -0400
Subject: [PATCH] test string system call arguments that cross over the end of
 the last page.

---
 user/usertests.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)

diff --git a/user/usertests.c b/user/usertests.c
index 5c2fc02..dfe0039 100644
--- a/user/usertests.c
+++ b/user/usertests.c
@@ -22,6 +22,8 @@
 char buf[BUFSZ];
 char name[3];
 
+// what if you pass ridiculous pointers to system calls
+// that read user memory with copyin?
 void
 copyin(char *s)
 {
@@ -64,6 +66,8 @@ copyin(char *s)
   }
 }
 
+// what if you pass ridiculous pointers to system calls
+// that write user memory with copyout?
 void
 copyout(char *s)
 {
@@ -104,6 +108,7 @@ copyout(char *s)
   }
 }
 
+// what if you pass ridiculous string pointers to system calls?
 void
 copyinstr1(char *s)
 {
@@ -120,6 +125,9 @@ copyinstr1(char *s)
   }
 }
 
+// what if a string system call argument is exactly the size
+// of the kernel buffer it is copied into, so that the null
+// would fall just beyond the end of the kernel buffer?
 void
 copyinstr2(char *s)
 {
@@ -181,6 +189,50 @@ copyinstr2(char *s)
   }
 }
 
+// what if a string argument crosses over the end of last user page?
+void
+copyinstr3(char *s)
+{
+  sbrk(8192);
+  uint64 top = (uint64) sbrk(0);
+  if((top % PGSIZE) != 0){
+    sbrk(PGSIZE - (top % PGSIZE));
+  }
+  top = (uint64) sbrk(0);
+  if(top % PGSIZE){
+    printf("oops\n");
+    exit(1);
+  }
+
+  char *b = (char *) (top - 1);
+  *b = 'x';
+
+  int ret = unlink(b);
+  if(ret != -1){
+    printf("unlink(%s) returned %d, not -1\n", b, ret);
+    exit(1);
+  }
+
+  int fd = open(b, O_CREATE | O_WRONLY);
+  if(fd != -1){
+    printf("open(%s) returned %d, not -1\n", b, fd);
+    exit(1);
+  }
+
+  ret = link(b, b);
+  if(ret != -1){
+    printf("link(%s, %s) returned %d, not -1\n", b, b, ret);
+    exit(1);
+  }
+
+  char *args[] = { "xx", 0 };
+  ret = exec(b, args);
+  if(ret != -1){
+    printf("exec(%s) returned %d, not -1\n", b, fd);
+    exit(1);
+  }
+}
+
 // test O_TRUNC.
 void
 truncate1(char *s)
@@ -2470,6 +2522,7 @@ main(int argc, char *argv[])
     {copyout, "copyout"},
     {copyinstr1, "copyinstr1"},
     {copyinstr2, "copyinstr2"},
+    {copyinstr3, "copyinstr3"},
     {truncate1, "truncate1"},
     {truncate2, "truncate2"},
     {truncate3, "truncate3"},